I'm not sure if the one I had was password-protected - I opened the zip file and was able to see the file but didn't double click it to see if it would ask for a password at that point. We did try creating a separate zip file that was password protected and it would display the file and ask for the password when you tried to actually view the file.
The virus message indicated that it did need the password that was included as well. Here's a note from the nt-bugtrack list: >With the release of Beagle.H and Beagle.I, virus writers started enclosing >the infected files within password protected ZIP files. This negated the >ability of A/V software to view the enclosed file within. > >I've found that the A/V software does see the file within the ZIP archive, >but cannot process it because it does not recognize the extension. When the >archive is password protected, the file enclosed receives a "+" character at >the end of the extension (ie test.exe becomes test.exe+) Since the A/V >software doesn't recognize that kind of extension, it lets it pass thru. > >I found that by adding the "+" character to file extensions that are blocked >(.exe+, .cmd+, .vbs+ etc etc), the A/V software can now recognize that file >extension and perform the necessary actions on it. > >I've only tested this out on Norton Anti-Virus for Exchange V2.1, but it >should work on the other A/V software programs. This may help you, also I'd like to be able to block this virus with postfix and not have to rely uvscan, so a regular expression that anyone can come up with would be nice. -Mitch > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Kenzo > Sent: Wednesday, March 03, 2004 1:54 PM > To: [EMAIL PROTECTED] > Subject: [IMGate] Re: Latest twist on new virus > > > I have the same settings yet they are still coming thru. > are you blocking the password protected ones? > >
