Stef <[EMAIL PROTECTED]> wrote: > Someone on the ntbugtrack list mentioned earlier another possible > solution for A/V gateways: checking for the extension of > known-to-be-infected files, and appending the "+" sign at the end (e.g. > .exe+). I have tried this on my first layer Norton Gateway, as well as > my second tier email A/V - the TrendMicro one (and variations of such - > e.g. *.exe+, *.exe*, *exe+, etc.), and have not been successful ... > anybody else having attempted something similar (the reason for the "+" > is the obvious extension name change inside the ZIP, if there is a > password protected file) ?
That "+" business (sorry, URL may wrap): http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0403&L=ntbugtraq &F=P&S=&P=70 is some weird artefact of that poster's system or their use of (a specific version of) NAV. It does _NOT_ generalize. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
