Re: unknown trojan (attached)

[jlgaddis () BLUERIVER NET (Jeremy L. Gaddis)]

> All right, I'm wondering why you, or others, feel that adding a password
> to a zipped file is useful. I would have liked to take a quick look at
> it, but I do not look at that sort of thing on a windows machine

There are several hundred users on this list.  Many of them are subscribed
at work, where incoming e-mail passes through virus scanners.  Most virus
scanners are smart enough to decompress zip files and scan their contents.
If a virus *is* encountered, the message is usually just discarded.  This
wouldn't do me any good if a virus scanner found out what it was, but just
discarded it.

> Please, either take the password off the file at your site, or help me
> to understand why you feel that adding a password is useful. Yes, there
> are ways around it (for me), but you are asking for help or advice.
> Adding a password (that you announced to the list, anyway) does not make
> zip in any of its incarnations more secure. Use pgp for that.

I wasn't trying to "secure" the file, just allow it to pass through virus
scanners.  The file is also available gzip'd, at:

http://www.blueriver.net/~jlgaddis/trojan.exe.gz.

-jg

--
Jeremy L. Gaddis   <jlgaddis () blueriver net>