Educause Security Discussion mailing list archives

Password protected ZIP's and Email Viruses


From: Michael_Maloney <Michael_Maloney () MIDDLESEXCC EDU>
Date: Tue, 2 Mar 2004 15:43:52 -0500

With the release of Beagle.H and Beagle.I, virus writers started enclosing
the infected files within password protected ZIP files.  This negated the
ability of A/V software to view the enclosed file within.

I've found that the A/V software does see the file within the ZIP archive,
but cannot process it because it does not recognize the extension.  When the
archive is password protected, the file enclosed receives a "+" character at
the end of the extension (i.e., test.exe becomes test.exe+).  Since the A/V
software doesn't recognize that kind of extension, it lets it pass through.

I found that by adding the "+" character to file extensions that are blocked
(.exe+, .cmd+, .vbs+, etc.), the A/V software can now recognize that file
extension and perform the necessary actions on it.

I've only tested this out on Norton Anti-Virus for Exchange V2.1, but it
should work on the other A/V software programs.

********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: Michael_Maloney () middlesexcc edu
********************************************
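
As an added example (not part of the original post), the check below reads member names and the encryption flag from a ZIP's central directory, which standard ZIP password protection leaves unencrypted, and reports encrypted members whose extension is blocked. The block list reuses the extensions named in the post; the function names and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions taken from the post; a real gateway would use its own policy.
BLOCKED_EXTENSIONS = {".exe", ".cmd", ".vbs"}
ENCRYPTED_FLAG = 0x1  # general-purpose bit 0 of the ZIP header flags


def blocked_encrypted_members(zip_bytes):
    """Return names of encrypted members that carry a blocked extension.

    Only the central directory is read, so no password is needed.
    Unencrypted members are ignored here because a content scanner
    can open those directly.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            ext = os.path.splitext(info.filename)[1].lower()
            if encrypted and ext in BLOCKED_EXTENSIONS:
                hits.append(info.filename)
    return hits


def make_sample(name, encrypted):
    """Build a constructed one-member archive for testing.

    Python's zipfile cannot write encrypted archives, so the encryption
    flag is set by patching the headers; the payload is not really
    encrypted, which does not matter for a name-only check.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed sample payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Flags field offset: 6 in the local header, 8 in the central header.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            data[pos + offset] |= ENCRYPTED_FLAG
    return bytes(data)


if __name__ == "__main__":
    for name, enc in (("test.exe", True), ("test.exe", False), ("notes.txt", True)):
        print(name, enc, blocked_encrypted_members(make_sample(name, enc)))
```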
