On Mon, 1 Mar 2004, Jon R. Kibler wrote: > This appears to be the latest attempt to defeat AV scanners who > cannot detect malware in zip files that they cannot unzip. The > worm apparently changes the password on the fly, so that each > file has a different password -- thus each zip file would have > a different signature.
AFAIK, you can always list the contents of a zip file, even a password-protected one. I guess it's time to look inside zip archives for banned filenames. :-( I have no idea if the zip format allows subversion of this technique. Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
