Firewall Wizards mailing list archives
RE: Email encryption and virus scanning
From: "Gautier . Rich" <RGautier () drc com>
Date: Tue, 21 May 2002 07:14:00 -0400
Actually, many of the virus scanning programs these days can scan into .zip, .tar and .tgz attachments to find bugs that have been hidden. Of course, virus creators know about these, and may attempt to maim them by creating invalid .zip files, or .zip files that contain a file that is trillions of '1's that compress into very small compressed files, but can overwhelm the memory and/or tempspace of a virus scanning system.

Richard A. Gautier
http://rgautier.tripod.com/

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Monday, May 20, 2002 3:17 PM
To: Ryan Russell
Cc: Prabhakar Mallya; firewall-wizards () nfr com
Subject: Re: [fw-wiz] Email encryption and virus scanning

I keep thinking the original requestor meant attachments that are infected/compressed rather than encrypted SMTP?

Thanks,
Ron DuFresne

On Sun, 19 May 2002, Ryan Russell wrote:
On Fri, 17 May 2002, Prabhakar Mallya wrote:

> Any suggestions on best practices that one can follow on one's desktop to avoid harm from viruses carried by encrypted mail in one's inbox?

How would an email with a virus get encrypted? Sure, I suppose on the rare occasion that someone might unknowingly send you a Word doc that was infected while intentionally encrypting the email.. but for the most part, people with enough clue to use encryption don't get themselves infected often. I've yet to see a virus/worm that looked for keyrings, and then encrypted itself for each recipient. Sure, it's possible.. but there would be such a tiny fraction of the email addresses available to the worm that had keys, why bother?

There are other possibilities... such as passworded .zip files, with the password in the email body (which is the preferred way to ship malicious code around on purpose, for those who analyze it.) Just block or hold any .zip file at your gateway that you can't open. I really don't think we'll see any of these used in the wild for mass spreaders... they would be counter-productive to spreading.

Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!
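Added example, not part of the original thread: a gateway-side triage of a .zip attachment that applies the two points made above, holding archives that cannot be opened (invalid or passworded) and archives whose members declare an extreme expansion, before anything is handed to the scanner. The function names, the limits and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy limits for illustration; tune to the scanner's memory and temp space.
MAX_RATIO = 100                      # declared uncompressed : compressed, per member
MAX_TOTAL_BYTES = 100 * 1024 * 1024  # declared uncompressed size, whole archive


def triage_zip(data: bytes) -> tuple[str, str]:
    """Return ("scan" | "hold", reason) from zip metadata only; nothing is decompressed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except Exception as exc:  # anything we cannot open is held, not passed
        return "hold", f"cannot open archive: {exc}"
    with zf:
        total = 0
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                return "hold", f"encrypted member {info.filename!r}"
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                return "hold", f"{info.filename!r} expands {ratio:.0f}:1"
            total += info.file_size
        if total > MAX_TOTAL_BYTES:
            return "hold", f"declared size {total} bytes exceeds limit"
    return "scan", "within limits"


def make_zip(name: str, payload: bytes, encrypted_flag: bool = False) -> bytes:
    """Build a constructed sample archive in memory (test data, not real mail)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted_flag:  # set bit 0 of the flags field in the central directory entry
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    for blob in (make_zip("notes.txt", b"meeting at ten\n"),
                 make_zip("ones.txt", b"1" * 5_000_000),
                 make_zip("doc.txt", b"hello", encrypted_flag=True),
                 b"PK\x03\x04 truncated, no central directory"):
        print(triage_zip(blob))
```

The sizes checked here are the ones the archive itself declares, so a scanner should still cap the bytes it actually decompresses.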