McAfee PROBLEM !!! (solved)

Rabellino Sergio rabellino at DI.UNITO.IT
Wed Mar 3 17:51:35 GMT 2004

Denis Beauchemin wrote:
> Le mer 03/03/2004 à 12:14, Denis Beauchemin a écrit :
>>Many infected password-protected zip files passed through our McAfee AV
>>(using 4332).  Nonetheless we detected 341 W32/Bagle.j at MM since
>>Le mer 03/03/2004 à 11:34, Michael Baird a écrit :
>>>Good Question, Does DAT 4332 fix it, my understanding was that it
>>>handled the unzipping and so forth, and MailScanner interpreted the
>>>response, I'm looking for confirmation, I'm running an older version of
>>>MailScanner (4.25-14 I believe), I hate to upgrade unless it's
> I've taken a look at the Bagle.j detected so far and none were in a zip
> file (all were plain pif files).
> So I'd say 4332 is definitely not catching any password-protected Bagle!
> Denis
As Bagle encrypt the virus itself in the zip with a random password, how can McAfee (or any other antivirus) catch a 
virus encrypted in 999999 different forms ? (the password is 6 integer digits)

I far as I know, the only solution is to trash any password protected zip at all, as the latest MS does; I've done today 
the upgrade from a 3.x release (yes was almost fine before today....)
and all the Bagle was cutted off my inboxes.

Dott. Sergio Rabellino

  Technical Staff
  Department of Computer Science
  University of Torino (Italy)
Tel. +39-0116706701
Fax. +39-011751603

More information about the MailScanner mailing list