ZIP File problem
Jan-Peter Koopmann
Jan-Peter.Koopmann at SECEIDOS.DE
Tue Oct 19 17:42:36 IST 2004
Hi,
I just checked a MailScanner installation against the currupt ZIP file
problem many virus scanners seem to have. I used the virus check on
www.heise.de
(http://www.heise.de/security/dienste/emailcheck/demos/go.shtml?mail=zip
_g0). This test will send you a ZIP archive, which is manipulated so
that the eicar.com file is supposed to have only 0 bytes. Many archivers
will extract this correctly. MailScanner obviously did not. It was
blocked due to being .com but the test virus was not found.
There are two tests. One changes the uncompressed size in the global ZIP
directory and one in the local ZIP directory (sorry, trying to translate
the german page as good as I can without knowing ZIP files too well).
One test (local dir) works ok but the global dir test fails.
Is there anything we/Julian etc. can do? Are the ZIPs extracted by the
virus scanners or by MailScanner?
Regards,
JP
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list