McAfee PROBLEM !!! (solved)
Chris Yuzik
chris at FRACTALWEB.COM
Fri Mar 5 22:13:15 GMT 2004
Bart,
This is a very interesting idea. I'm not sure how much extra overhead
this would cause for MailScanner though. It's almost like you'd have to
spawn a separate process to attempt to decrypt the zip...and somehow
pass all the words to try.
I'll follow this thread to see what other ideas people come up with.
Cheers,
Chris
MailScanner wrote:
>MS could check the body of the message and try all words within ten words of 'password' to unlock the encrypted zip file, plus all phrases in the filename of the attachment. E.g. phrases like 'The password for this zip file is abracadabra' or 'use abracadabra when prompted for a password' will allow it to crack the zip.
>
>This would expose the cleartext virus code which may still change, but AV software has been able to deal with morphing viruses for a while now.
>
>Even if the contents of the zip were benign, we could still block/quarantine the message as 'uselessly encrypted zip file' since the only point in sending a encrypted file and its key in the same message is to bypass automated scanning.
>
>Bart...
>
>
More information about the MailScanner
mailing list