Educause Security Discussion mailing list archives
Password protected ZIP's and Email Viruses
From: Michael_Maloney <Michael_Maloney () MIDDLESEXCC EDU>
Date: Tue, 2 Mar 2004 15:43:52 -0500
With the release of Beagle.H and Beagle.I, virus writers started enclosing the infected files within password protected ZIP files. This negated the ability of A/V software to view the enclosed file within.

I've found that the A/V software does see the file within the ZIP archive, but cannot process it because it does not recognize the extension. When the archive is password protected, the file enclosed receives a "+" character at the end of the extension (i.e. test.exe becomes test.exe+). Since the A/V software doesn't recognize that kind of extension, it lets it pass through.

I found that by adding the "+" character to file extensions that are blocked (.exe+, .cmd+, .vbs+, etc.), the A/V software can now recognize that file extension and perform the necessary actions on it. I've only tested this out on Norton Anti-Virus for Exchange V2.1, but it should work on the other A/V software programs.

********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: Michael_Maloney () middlesexcc edu
********************************************

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
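The check described in the message above can be sketched as a gateway-side filter. This is an added example, not code from the original post or from any A/V product: it reads member names from the ZIP central directory, which standard ZIP password protection leaves readable, and applies an extension block list to them. The block list, the function names and the sample archive are assumptions made for the example; the trailing "+" only mirrors the reporting convention the post describes.

```python
import io
import os
import zipfile

# Assumed block list for this example; a real gateway would use its own policy.
BLOCKED = {".exe", ".cmd", ".vbs", ".scr", ".pif"}
ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: member data is encrypted


def list_members(zip_bytes):
    """Return (name, encrypted) pairs read from the central directory.

    No password is needed: only the member data is encrypted, not the names.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, bool(i.flag_bits & ENCRYPTED)) for i in zf.infolist()]


def blocked_members(zip_bytes, blocked=BLOCKED):
    """Return names with a blocked extension, adding '+' to encrypted members."""
    hits = []
    for name, encrypted in list_members(zip_bytes):
        ext = os.path.splitext(name)[1].lower()
        if ext in blocked:
            hits.append((name + "+") if encrypted else name)
    return hits


def make_sample(names, encrypted):
    """Constructed sample: a stored ZIP whose headers carry the encrypted flag.

    The data is placeholder text and is never decrypted; only the flag bit in
    the local (offset 6) and central (offset 8) headers is set.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            while pos != -1:
                raw[pos + off] |= ENCRYPTED
                pos = raw.find(sig, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(blocked_members(make_sample(["readme.txt", "test.exe"], encrypted=True)))
```

Because the decision uses the encryption flag and the real extension, the block list does not need a separate "+" entry for every extension.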