[KLUG Members] The latest M$ virus.
Bruce Smith
members@kalamazoolinux.org
Thu, 04 Mar 2004 20:39:09 -0500
> > Anyone know of a way to block password protected ZIP files on the MTA?
> > (and still allow regular zip files through - after virus scanning their
> > contents)
> >
> > Yes, the latest virus has found away around virus scanning by embedding
> > itself in a password protected zip file. Since the virus scanner can't
> > unzip the file to scan it, it passes the file though. The message text
> > contains the password to the zip file (which is randomly generated), and
> > looks like a tech support message telling the user to unzip and run the
> > enclosed .exe file.
>
> Clam AV stops Worm.Bagle.?. I can recommend nothing more highly.
I'm running the latest ClamAV on my MTA and it's getting through.
(yes, I'm up to date, freshclam runs every hour)
- BS