McAfee PROBLEM !!! (solved)
rabellino at DI.UNITO.IT
Wed Mar 3 17:51:35 GMT 2004
Denis Beauchemin wrote:
> On Wed 03/03/2004 at 12:14, Denis Beauchemin wrote:
>>Many infected password-protected zip files passed through our McAfee AV
>>(using 4332). Nonetheless we detected 341 W32/Bagle.j@MM since
>>On Wed 03/03/2004 at 11:34, Michael Baird wrote:
>>>Good Question, Does DAT 4332 fix it, my understanding was that it
>>>handled the unzipping and so forth, and MailScanner interpreted the
>>>response, I'm looking for confirmation, I'm running an older version of
>>>MailScanner (4.25-14 I believe), I hate to upgrade unless it's
> I've taken a look at the Bagle.j detected so far and none were in a zip
> file (all were plain pif files).
> So I'd say 4332 is definitely not catching any password-protected Bagle!
As Bagle encrypts the virus itself in the zip with a random password, how can McAfee (or any other antivirus) catch a
virus encrypted in 999999 different forms? (the password is 6 integer digits)
As far as I know, the only solution is to trash any password-protected zip at all, as the latest MS does; I've done today
the upgrade from a 3.x release (yes, it was almost fine before today....)
and all the Bagle was cut off my inboxes.
Dott. Sergio Rabellino
Department of Computer Science
University of Torino (Italy)
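
The check discussed above can be made without the password, because the ZIP format marks each encrypted entry with bit 0 of its general-purpose flags. The following is an added example, not part of the original post and not MailScanner's own code; `encrypted_members`, `verdict`, `make_sample` and the verdict strings are hypothetical names, and the sample archives are constructed inline.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0 in the ZIP format: entry is encrypted


def encrypted_members(data: bytes) -> list[str]:
    """Return names of encrypted entries in a ZIP attachment (no password needed)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def verdict(data: bytes) -> str:
    """Hypothetical gateway policy: quarantine what the scanner cannot open."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "pass-to-scanner"
    try:
        locked = encrypted_members(data)
    except zipfile.BadZipFile:
        return "quarantine: malformed zip"
    if locked:
        return "quarantine: password-protected zip (" + ", ".join(locked) + ")"
    return "pass-to-scanner"


def make_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-file ZIP, optionally marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("document.txt", b"constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the flags field in the local header (offset 6) and in the
        # central directory record (offset 8 after its PK\x01\x02 signature).
        struct.pack_into("<H", raw, 6, struct.unpack_from("<H", raw, 6)[0] | ENCRYPTED_FLAG)
        cd = raw.find(b"PK\x01\x02")
        struct.pack_into("<H", raw, cd + 8, struct.unpack_from("<H", raw, cd + 8)[0] | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    print(verdict(make_sample(False)))
    print(verdict(make_sample(True)))
    print(verdict(b"not an archive"))
```

The flagged sample only has its header bits set (its content is not really encrypted), which is enough because the check reads the central directory and never tries to decompress the entry.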