McAfee PROBLEM !!! (solved)

Julian Field mailscanner at ecs.soton.ac.uk
Sat Mar 6 11:18:20 GMT 2004


And then the virus writers counter it by adding "For extra security, I
typed the password backwards". And then you have to try every word
backwards as well. It's an arms race you can't possibly win, so there's no
point fighting the battle.

At 22:13 05/03/2004, you wrote:
>Bart,
>
>This is a very interesting idea. I'm not sure how much extra overhead
>this would cause for MailScanner though. It's almost like you'd have to
>spawn a separate process to attempt to decrypt the zip...and somehow
>pass all the words to try.
>
>I'll follow this thread to see what other ideas people come up with.
>
>Cheers,
>Chris
>
>MailScanner wrote:
>
>>MS could check the body of the message and try all words within ten words
>>of 'password' to unlock the encrypted zip file, plus all phrases in the
>>filename of the attachment. E.g. phrases like 'The password for this zip
>>file is abracadabra' or 'use abracadabra when prompted for a password'
>>will allow it to crack the zip.
>>
>>This would expose the cleartext virus code which may still change, but AV
>>software has been able to deal with morphing viruses for a while now.
>>
>>Even if the contents of the zip were benign, we could still
>>block/quarantine the message as 'uselessly encrypted zip file' since the
>>only point in sending an encrypted file and its key in the same message is
>>to bypass automated scanning.
>>
>>Bart...
>>

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
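
Added example, not part of the thread and not MailScanner's code: the candidate extraction proposed in the quoted message, as a scanning gateway might do it in Python, with the reversed-word variant from the reply included. The function names, the alphanumeric word pattern and the sample text are assumptions; Python's zipfile module decrypts only the legacy ZIP cipher.

```python
import io
import re
import zipfile
import zlib

WORD = re.compile(r"[A-Za-z0-9]+")  # assumption: passwords are plain alphanumeric words

def candidate_passwords(body, filename="", window=10):
    """Words within `window` words of 'password', then words from the
    attachment name; each is followed by its reverse."""
    words = WORD.findall(body)
    picked = []
    for i, w in enumerate(words):
        if w.lower() == "password":
            picked += words[max(0, i - window):i] + words[i + 1:i + 1 + window]
    picked += WORD.findall(filename.rsplit(".", 1)[0])
    out = []
    for w in picked:
        for cand in (w, w[::-1]):
            if cand.lower() != "password" and cand not in out:
                out.append(cand)
    return out

def is_encrypted(zip_bytes):
    """True if any member has the encryption bit (bit 0) set in its flags."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def zip_opener(zip_bytes):
    """Return opens(pwd) -> bool for the first member of the archive."""
    def opens(pwd):
        try:
            with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
                zf.read(zf.infolist()[0], pwd=pwd.encode())
            return True
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            return False  # wrong password, failed CRC, or unsupported cipher
    return opens

def first_working(candidates, opens):
    """Return the first candidate accepted by opens(), or None."""
    return next((c for c in candidates if opens(c)), None)

# Constructed sample using the phrase quoted in the thread.
BODY = "The password for this zip file is abracadabra"
if __name__ == "__main__":
    print(candidate_passwords(BODY, "invoice.zip"))
```

Call is_encrypted() first, since an unencrypted archive accepts any password. Each extra transformation such as reversal doubles the list passed to first_working(), which is the cost the reply points at.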


