HEADS UP - viruses in password protected zip files
Julian Field
mailscanner at ecs.soton.ac.uk
Tue Mar 2 09:29:20 GMT 2004
At 23:11 01/03/2004, you wrote:
>Gene LeDuc wrote:
>
>>Hi Kevin,
>>
>>My company has always blocked passworded zips. If the gateway can't
>>unzip the
>>file, it gets blocked. It's a brain-dead gateway, so I won't embarrass
>>myself (by association) by saying what it is.
>>
>>On Monday 01 March 2004 02:05 am, Spicer, Kevin wrote:
>>
>>
>>>This virus is spreading rapidly, we've seen it overnight (although not in
>>>its password protected form - but we had no way of spotting that so it may
>>>have got through).
>>>
>>>I'm now blocking zip files (making me not very popular this morning!).
>>>
>>>Time to start a discussion about ways to block password protected zip
>>>files?
>>>
>Kevin, Did you find a way to block only password protected zips? We've
>seen a couple of hundred Bagle.F and Bagle.H incidents today. An update
>from Mcafee started catching Bagle.F but not Bagle.H yet. For now I'm
>blocking all zips. I'd like to just block the password protected ones
>but haven't figured out a way to do it. I suspect Mcafee uses a
>simplistic approach to detecting this. I won't go into why I think this
>for security reasons. I do think were rapidly heading towards
>permanently restricted password protected zips. If the content of any
>type of file can't be validated then we'll have to restricted it. So,
>any idea how to do this?
See 4.28.2.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
More information about the MailScanner
mailing list