>>The problem is the antivirus installed in the perimeter, that does not detect those samples. Exist some antivirus that detects the ZIP infected without knowing the password:
I'm sure more of these detect it by now. I suppose SOP for these scanners has been to extract files from ZIPs and scan them, but they need a more complex procedure now. Is it possible that portions of the encrypted ZIP are consistant enough regardless of the key that they can identify it? If not, for this particular case they could hack at the ZIP file and use the message body as a dictionary. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
