Firewall Wizards mailing list archives

RE: Email encryption and virus scanning


From: "Gautier . Rich" <RGautier () drc com>
Date: Tue, 21 May 2002 07:14:00 -0400

Actually, many of the virus scanning programs these days can scan into .zip,
.tar and .tgz attachments to find bugs that have been hidden.  Of course,
virus creators know about these, and may attempt to maim them by creating
invalid .zip files, or .zip files that contain a file that is trillions of
'1's that compress into very small compressed files, but can overwhelm the
memory and/or temp space of a virus scanning system.

Richard A. Gautier
http://rgautier.tripod.com/


-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Monday, May 20, 2002 3:17 PM
To: Ryan Russell
Cc: Prabhakar Mallya; firewall-wizards () nfr com
Subject: Re: [fw-wiz] Email encryption and virus scanning




I keep thinking the original requestor meant attachments that are
infected/compressed rather than encrypted SMTP?

Thanks,

Ron DuFresne

On Sun, 19 May 2002, Ryan Russell wrote:

On Fri, 17 May 2002, Prabhakar Mallya wrote:

Any suggestions on best practices that one can follow
on one's desktop to avoid harm from viruses carried by
encrypted mail in one's inbox?

How would an email with a virus get encrypted?  Sure, I suppose on the
rare occasion that someone might unknowingly send you a Word doc that was
infected while intentionally encrypting the email.. but for the most part,
people with enough clue to use encryption don't get themselves infected
often.

I've yet to see a virus/worm that looked for keyrings, and then encrypted
itself for each recipient.  Sure, it's possible.. but there would be such
a tiny fraction of the email addresses available to the worm that had
keys, why bother?

There are other possibilities... such as passworded .zip files, with the
password in the email body (which is the preferred way to ship malicious
code around on purpose, for those who analyze it.)  Just block or hold any
.zip file at your gateway that you can't open.

I really don't think we'll see any of these used in the wild for mass
spreaders... they would be counter-productive to spreading.

                                      Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
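
The gateway-side checks discussed in this thread (hold any .zip that cannot be opened, and guard the scanner against invalid archives and tiny files that expand enormously), sketched as an added example that is not code from any of the posters. The function names and the limit values are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed limits for illustration; size them to the scanner's memory and temp space.
MAX_ENTRIES = 1000
MAX_TOTAL_BYTES = 100 * 1024 * 1024   # total declared uncompressed size
MAX_RATIO = 100                       # declared uncompressed : compressed

def triage_zip(data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'scan' or 'hold'. Nothing is extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return "hold", f"invalid archive: {exc}"
    with zf:
        entries = zf.infolist()
        if len(entries) > MAX_ENTRIES:
            return "hold", "too many entries"
        total = 0
        for info in entries:
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                return "hold", f"password-protected entry: {info.filename}"
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                return "hold", "declared size exceeds limit"
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                return "hold", f"compression ratio too high: {info.filename}"
    return "scan", "ok"

def make_zip(name: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed samples, not real mail
        "ordinary": make_zip("report.txt", b"Quarterly report attached.\n"),
        "all-ones": make_zip("ones.bin", b"1" * 5_000_000),
        "not-a-zip": b"PK\x03\x04 truncated",
    }
    for label, blob in samples.items():
        print(label, triage_zip(blob))
```

The sizes checked here are the ones the archive declares about itself, so a scanner should still cap the bytes it actually writes while decompressing.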
