[KLUG Members] The latest M$ virus.

Peter Buxton members@kalamazoolinux.org
Thu, 4 Mar 2004 20:09:57 -0500


On Thu, Mar 04, 2004 at 09:15:25AM -0500, Bruce Smith was only escaped
   alone to tell thee:

> Anyone know of a way to block password protected ZIP files on the MTA?
> (and still allow regular zip files through - after virus scanning their
> contents)
> 
> Yes, the latest virus has found a way around virus scanning by embedding
> itself in a password protected zip file.  Since the virus scanner can't
> unzip the file to scan it, it passes the file through.  The message text
> contains the password to the zip file (which is randomly generated), and
> looks like a tech support message telling the user to unzip and run the
> enclosed .exe file.

Clam AV stops Worm.Bagle.?. I can recommend nothing more highly.

-- 
The undesirable classes do not liquidate themselves. -- Joseph Stalin
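
Added example, not part of the original thread: one way a mail filter could tell password-protected ZIP attachments from ordinary ones is to read each entry's general-purpose flag (bit 0 marks an encrypted entry) without needing the password. The function names, the "reject"/"scan" verdict strings and the sample message are assumptions made for this sketch, and wiring it into a particular MTA is left out.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag, bit 0: entry is encrypted

def encrypted_members(zip_bytes):
    """Names of encrypted entries, read from the central directory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def verdict(raw_message):
    """'reject' if any attachment is a ZIP with encrypted entries, else 'scan'."""
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Decide on content, not on the attachment's file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            if encrypted_members(payload):
                return "reject"
        except zipfile.BadZipFile:
            return "reject"  # assumed policy: an unparseable archive is unscannable
    return "scan"  # hand the message on to the virus scanner

def _sample_zip(encrypt_flag):
    """Constructed sample: a tiny ZIP, optionally with the encryption bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypt_flag:
        # Flag field offsets: local header +6, central directory header +8.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + off] |= ENCRYPTED
    return bytes(data)

def _sample_message(zip_bytes):
    """Constructed sample: a message carrying zip_bytes as an attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(zip_bytes, maintype="application",
                       subtype="zip", filename="a.zip")
    return msg.as_bytes()
```

Regular ZIP attachments get the "scan" verdict and still go to the scanner; only archives with at least one encrypted entry are refused.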