Tomasz Kojm <[EMAIL PROTECTED]> wrote on 12/03/2004 00:07:01: > On Thu, 11 Mar 2004 12:49:36 +1100 > Jonathan Trott <[EMAIL PROTECTED]> wrote: > > > At the moment, if you put any virus inside an encrypted zip file, > > clamav reports that there isn't a virus in there, which is a false > > negative. Better to report that it couldn't be scanned than there > > wasn't a virus in there. > > No, that's definitely not a false negative. Password protected viruses > are not dangerous (and not interesting to us) as long as they don't > distribute the password. But anyway you should check the > --detect-encrypted option (CVS).
How can you determine that the password is being distributed with the message? How about the situation where a malicious hacker is trying to introduce a trojan into the network via email that contains a password protected zip file with the trojan inside? There wouldn't be a "password in the email" signature for that situation and clamav would have passed it as clean! Clamav should (as I assume the CVS option now does) report that the file could not be scanned, and let who/whatever has called clamav process the file as it sees fit. Do anything but report it as a clean file. Thanks, JT ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
