On Tuesday 09 March 2004 10:42 am, James Stevens wrote:
> It may not be the "correct" solution, but could we make a sig based on
> the body of the e-mail these encrypted viruses come attached to, instead
> of the virus itself?
I still think a good solution (until the virus writers change their technique)
is to attempt decryption of the zip file using each word in the body of the
mail as a potential key. It doesn't consume anything like as much in the
way of resources as a brute force attack (which I have previously seen
proposed), and it means we can examine the raw body of the zip file for
positive identification of the contents.
Antony.
--
There's no such thing as bad weather - only the wrong clothes.
- Billy Connolly
Please reply to the list;
please don't CC me.
_______________________________________________
Clamav-devel mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-devel
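
The approach proposed in the message above, as an added example that is not part of the original post or of ClamAV's code: each word of the mail body is tried as the zip password, and the decrypted content is returned for scanning. All function names, the caps and the sample mail are assumptions made here; the sample archive is constructed inline with traditional PKZIP encryption so the block runs offline.

```python
import io, struct, zipfile, zlib

M = 0xFFFFFFFF
MAX_WORDS, MAX_SIZE = 500, 1 << 20  # assumed caps: tries per mail, declared entry size
PUNCT = ".,:;!?\"'()<>[]"

def zipcrypto(password: bytes, data: bytes) -> bytes:
    """Traditional PKZIP stream cipher, needed only to build the sample offline."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        k[0] = zlib.crc32(bytes([b]), k[0] ^ M) ^ M
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & M
        k[2] = zlib.crc32(bytes([k[1] >> 24]), k[2] ^ M) ^ M
    for b in password:
        update(b)
    out = bytearray()
    for b in data:
        t = k[2] | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def make_sample(name: bytes, payload: bytes, password: bytes) -> bytes:
    """Constructed one-entry stored zip (zeros where real tools use random bytes)."""
    crc = zlib.crc32(payload)
    enc = zipcrypto(password, bytes(11) + bytes([crc >> 24]) + payload)
    meta = (1, 0, 0, 0x21, crc, len(enc), len(payload), len(name), 0)
    local = struct.pack("<IH4H3I2H", 0x04034B50, 20, *meta) + name + enc
    central = struct.pack("<I2H4H3I2H3H2I", 0x02014B50, 20, 20, *meta, 0, 0, 0, 0, 0) + name
    return local + central + struct.pack("<I4H2IH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)

def candidates(body: str) -> list:
    """Every whitespace-separated token, raw and with edge punctuation stripped."""
    toks = body.split()
    words = toks + [t.strip(PUNCT) for t in toks]
    return list(dict.fromkeys(w for w in words if w))[:MAX_WORDS]

def open_with_body_words(zip_bytes: bytes, body: str):
    """Return (word, {name: plaintext}) for the first word that decrypts, else None."""
    zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    members = [m for m in zf.infolist() if m.file_size <= MAX_SIZE]
    for word in candidates(body) if members else []:
        try:
            return word, {m.filename: zf.read(m, pwd=word.encode()) for m in members}
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            continue  # wrong key: check byte, CRC-32 or inflate failed
    return None

SAMPLE_BODY = "Here is the document. Password: 48213, open it now."  # constructed
SAMPLE_ZIP = make_sample(b"sample.txt", b"constructed test payload", b"48213")
```

The number of decryption attempts is bounded by the word count of the mail, which is what keeps the cost far below a brute-force search; the plaintext returned on success is what a signature matcher would then examine.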