[KLUG Members] The latest M$ virus.
Peter Buxton
members@kalamazoolinux.org
Thu, 4 Mar 2004 20:09:57 -0500
On Thu, Mar 04, 2004 at 09:15:25AM -0500, Bruce Smith was only escaped
alone to tell thee:
> Anyone know of a way to block password protected ZIP files on the MTA?
> (and still allow regular zip files through - after virus scanning their
> contents)
>
> Yes, the latest virus has found away around virus scanning by embedding
> itself in a password protected zip file. Since the virus scanner can't
> unzip the file to scan it, it passes the file though. The message text
> contains the password to the zip file (which is randomly generated), and
> looks like a tech support message telling the user to unzip and run the
> enclosed .exe file.
Clam AV stops Worm.Bagle.?. I can recommend nothing more highly.
--
The undesirable classes do not liquidate themselves. -- Joseph Stalin