MailScanner and password protected archives
Hugo van der Kooij
hvdkooij at vanderkooij.org
Wed Jul 25 22:59:45 IST 2007
On Wed, 25 Jul 2007, Scott Silva wrote:
> I am not sure if virus scanners can scan in a password-protected archive. That
> is why they were used for malware last year.
I am not exactly sure how they do it. But some of the password protected
ZIP files I have are listed as infected.
>From the scanner logs I took just the details on 1 sample of such a file.
* Avast:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32/smiissm.exe [scan error: Archive is password protected]
* Avira:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32 <<< Is the Trojan horse TR/Dldr.Delf.HC.25
* BitDefender:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32 infected: Trojan.Downloader.Delf.HC
* DrWeb:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32/smiissm.exe infected with Trojan.DownLoader.1567
* Kaspersky:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32/smiissm.exe INFECTED Trojan-Downloader.Win32.Delf.hc
* VBA32:
2F8029F68AE25B84F6A51F30A68DF8F1.270849.win32:<ZIP>\smiissm.exe : password protected - unable to scan
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
This message is using 100% recycled electrons.
Some men see computers as they are and say "Windows"
I use computers with Linux and say "Why Windows?"
(Thanks JFK, for the insight.)
More information about the MailScanner
mailing list