[KLUG Members] The latest M$ virus.

Bruce Smith members@kalamazoolinux.org
Thu, 04 Mar 2004 20:39:09 -0500


> > Anyone know of a way to block password protected ZIP files on the MTA?
> > (and still allow regular zip files through - after virus scanning their
> > contents)
> > 
> > Yes, the latest virus has found a way around virus scanning by embedding
> > itself in a password protected zip file.  Since the virus scanner can't
> > unzip the file to scan it, it passes the file through.  The message text
> > contains the password to the zip file (which is randomly generated), and
> > looks like a tech support message telling the user to unzip and run the
> > enclosed .exe file.
> 
> Clam AV stops Worm.Bagle.?. I can recommend nothing more highly.

I'm running the latest ClamAV on my MTA and it's getting through.
(yes, I'm up to date, freshclam runs every hour)

 - BS
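
One way to make the distinction asked about above, as an added example that is not part of the original thread: a ZIP archive records per-member encryption in bit 0 of the general-purpose flag, which can be read without the password. The function names are hypothetical, and it assumes the MTA can hand the raw message to a content filter that returns a reject decision.

```python
import email
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose bit flag


def zip_has_encrypted_member(data: bytes) -> bool:
    """True if any central-directory entry has the encryption bit set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(i.flag_bits & ENCRYPTED_FLAG for i in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a readable ZIP; leave it to the virus scanner


def should_reject(raw_message: bytes) -> bool:
    """Reject when any MIME part is a ZIP with a password-protected member."""
    msg = email.message_from_bytes(raw_message)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Sniff the magic bytes rather than trusting filename or Content-Type.
        if payload.startswith(b"PK\x03\x04") and zip_has_encrypted_member(payload):
            return True
    return False


def constructed_message(encrypted: bool) -> bytes:
    """Constructed sample: a mail with one ZIP attachment, harmless text inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Simulate a protected archive: set flag bit 0 in the central
        # directory header (the flag field sits at offset 8 from "PK\x01\x02").
        cd = data.find(b"PK\x01\x02")
        data[cd + 8] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("body")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()
```

Unencrypted archives return False here and can continue on to the virus scanner as usual.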