"Another" good reason?  IMO, that's overstepping a bit.  There's no way that I could block zip files for my clients and maintain their business.  The bulletin also indicated that AV vendors had either already updated their products or would do so soon.  Declude also has some protections for zip files with malformed headers that might detect this exploit.

Matt


Tito Macapinlac wrote:
Hi,

Here is a bulletin re: new vulnerability regarding zip files.  Maybe another good
reason to ban zip files if your AV is vulnerable.

http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true


Tito


  
Wednesday, October 20, 2004, 8:48:28 AM, you wrote:
    


  
I am having files blocked since upgrading to 8.1 with this log:

Q59b21fa60030b5ea Banning .ZIP file with EXE extension.


Is this a self-extracting Zip or zipped .exe? This was a firmware
upgrade from Linksys.
      

  
That's a .ZIP file with an .EXE file in it.  If you use BANZIPEXTS ON
(which says to ban all .ZIP files that contain any files with extensions
that you ban) and BANEXT EXE (which bans .EXE files), you'll get the above
message if an E-mail comes in with an .EXE file within a .ZIP file.
    

  
                                                    -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
    

  
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
    

  
---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
    

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
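
The check Scott describes (BANZIPEXTS ON combined with BANEXT EXE) can be sketched as follows. This is an added example, not part of the original thread and not Declude's code; the function names, the `BANNED_EXTS` set and the sample archives are assumptions constructed for illustration. An archive that cannot be parsed is reported separately rather than passed.

```python
import io
import zipfile

# Assumption: mirrors "BANEXT EXE" from the thread; extend as needed.
BANNED_EXTS = {"exe"}


def banned_members(data, banned=BANNED_EXTS):
    """Return names of archive members whose extension is banned.

    Raises zipfile.BadZipFile if the archive cannot be parsed.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Compare only the final path component, case-insensitively.
            name = info.filename.rsplit("/", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in banned:
                hits.append(info.filename)
    return hits


def verdict(data, banned=BANNED_EXTS):
    """Classify an attachment as 'ban', 'pass' or 'malformed'."""
    try:
        hits = banned_members(data, banned)
    except zipfile.BadZipFile:
        # An unreadable archive is not the same as a clean one.
        return "malformed"
    return "ban" if hits else "pass"


def _make_zip(names):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    print(verdict(_make_zip(["firmware/upgrade.EXE", "readme.txt"])))
    print(verdict(_make_zip(["readme.txt"])))
    print(verdict(b"PK\x03\x04 truncated"))
```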
