Security Incidents mailing list archives
Re: unknown trojan (attached)
From: jlgaddis () BLUERIVER NET (Jeremy L. Gaddis)
Date: Sun, 11 Jun 2000 01:38:31 -0500
All right, I'm wondering why you, or others, feel that adding a password to a zipped file is useful. I would have liked to take a quick look at it, but I do not look at that sort of thing on a windows machine
There are several hundred users on this list. Many of them are subscribed at work, where incoming e-mail passes through virus scanners. Most virus scanners are smart enough to decompress zip files and scan their contents. If a virus *is* encountered, the message is usually just discarded. This wouldn't do me any good if a virus scanner found out what it was, but just discarded it.
Please, either take the password off the file at your site, or help me to understand why you feel that adding a password is useful. Yes, there are ways around it (for me), but you are asking for help or advice. Adding a password (that you announced to the list, anyway) does not make zip in any of its incarnations more secure. Use pgp for that.
I wasn't trying to "secure" the file, just allow it to pass through virus scanners. The file is also available gzip'd, at: http://www.blueriver.net/~jlgaddis/trojan.exe.gz. -jg -- Jeremy L. Gaddis <jlgaddis () blueriver net>
Current thread:
- Re: unknown trojan (attached) Jeremy L. Gaddis (Jun 10)
- <Possible follow-ups>
- Re: unknown trojan (attached) Nick FitzGerald (Jun 13)