HEADS UP - viruses in password protected zip files

Julian Field mailscanner at ecs.soton.ac.uk
Tue Mar 2 09:29:20 GMT 2004


At 23:11 01/03/2004, you wrote:
>Gene LeDuc wrote:
>
>>Hi Kevin,
>>
>>My company has always blocked passworded zips.  If the gateway can't unzip
>>the file, it gets blocked.  It's a brain-dead gateway, so I won't embarrass
>>myself (by association) by saying what it is.
>>
>>On Monday 01 March 2004 02:05 am, Spicer, Kevin wrote:
>>
>>
>>>This virus is spreading rapidly, we've seen it overnight (although not in
>>>its password protected form - but we had no way of spotting that so it may
>>>have got through).
>>>
>>>I'm now blocking zip files (making me not very popular this morning!).
>>>
>>>Time to start a discussion about ways to block password protected zip
>>>files?
>>>
>Kevin,  Did you find a way to block only password protected zips?  We've
>seen a couple of hundred Bagle.F and Bagle.H incidents today.  An update
>from McAfee started catching Bagle.F but not Bagle.H yet.  For now I'm
>blocking all zips.  I'd like to just block the password protected ones
>but haven't figured out a way to do it.  I suspect McAfee uses a
>simplistic approach to detecting this.  I won't go into why I think this
>for security reasons.  I do think we're rapidly heading towards
>permanently restricted password protected zips.  If the content of any
>type of file can't be validated then we'll have to restrict it.  So,
>any idea how to do this?

See 4.28.2.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
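
One way to tell password-protected zips apart from ordinary ones, as asked in the thread above: bit 0 of each entry's general-purpose flags marks it as encrypted and can be read without the password. This is an added example, not code from the thread or from MailScanner; `classify_zip`, `gateway_decision` and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: entry data is encrypted


def classify_zip(data: bytes) -> str:
    """Return 'encrypted', 'plain' or 'unreadable' for an attachment's raw bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()  # reads the central directory only, no password needed
    except zipfile.BadZipFile:
        return "unreadable"
    # File names and flags are stored in the clear even when the contents are not.
    return "encrypted" if any(e.flag_bits & ENCRYPTED for e in entries) else "plain"


def gateway_decision(data: bytes, allow_encrypted: bool = False) -> str:
    """Hypothetical policy hook: block what cannot be inspected, deliver the rest."""
    verdict = classify_zip(data)
    if verdict == "unreadable":
        return "block"
    if verdict == "encrypted" and not allow_encrypted:
        return "block"
    return "deliver"  # a real gateway would now pass the archive to the virus scanner


def make_sample_zip() -> bytes:
    """Constructed sample: a one-entry, unencrypted archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", b"hello")
    return buf.getvalue()


def mark_encrypted(data: bytes) -> bytes:
    """Constructed sample: set flag bit 0 in the local and central headers."""
    out = bytearray(data)
    for sig, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(sig)
        (flags,) = struct.unpack_from("<H", out, pos + flag_offset)
        struct.pack_into("<H", out, pos + flag_offset, flags | ENCRYPTED)
    return bytes(out)


if __name__ == "__main__":
    for label, blob in (("plain", make_sample_zip()),
                        ("flagged", mark_encrypted(make_sample_zip())),
                        ("garbage", b"x" * 64)):
        print(label, classify_zip(blob), gateway_decision(blob))
```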


