-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > McAfee now detects the password protected zip files. (There are other > things you can look for besides trying to decrypt the contents of the > zip filel Also, zip passwords are weak and easily broken anyway.)
Zip files may be /relatively/ easy to brute force, sure, but there's no way I'm turning my mail gateway into a dedicated .zip cracking box. That's insane. As I mentioned, passworded .zip handling is an arms-race I hope anti-virus folks decide not to get embroiled in. It would be trivial to generate a file_id.diz (or readme.txt, or add zip comments, etc.) in order to skirt checksum / file size checks. It would be trivial to harvest plausible file names from a victim's computer to avoid filename matching checks. The only reasonable check would be what Bart suggests, but I'm not comfortable blocking all passworded .zip files containing an executable. Who knows, I might have to change my mind. Cael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFARh/QR2vQ2HfQHfsRAuC4AJ9wMBdKvdlk6/T5aTW0xuBI2a8gKACfZLXQ FNFpzDxA+rzoLdUQkxkaZsc= =pEyk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
