I beg to differ that it is nonsense.
Viruses penetrated my network via e-mail using double-zip files. This makes it a
vulnerability.
Apparently from the mailing list this happened to other Declude users too.
When a hole is found in my security like this, I look to see what I can do to block
this hole.
I can't block zip files because they are used too often in business communication.
I can't count on the virus definitions being updated before I am hit with virus.
Nobody can.
Given the capability, I could deny zip files within zip files. I see no overriding
business reason to allow them. This would effectively block the hole.
That's not nonsense, it's common sense.
Using your logic,
AV programs have properly handled .EXE files for years. Why should there be a Declude
option to block them?
Scott Fisher
Director of IT
Farm Progress Companies
>>> [EMAIL PROTECTED] 07/27/04 03:18PM >>>
>Now that zip files containing .zip files are a known virus threat, will
>there be a Declude update to block this virus vulnerability? I think we
>can certainly expect to see more of these in the future. I'd also like to
>see this as a high priority from Declude.
This has a zero priority.
Why? Because this "double-zipped" stuff is nonsense. :) Yes, this is the
first virus reported to double-zip. But it isn't a vulnerability! It's
something that AV programs have handled properly for many years.
>Making BANZIPEXTS recursive is another option.
Unfortunately, this is highly unlikely to happen (the main problem being
that it would require decompressing the .ZIP files, which requires a very
large amount of code).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
