Two ideas: block password protected files: see my patch for this for uvsvan: http://lists.roaringpenguin.com/pipermail/mimedefang/2003-December/018560.html
block zip files with particular name: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-January/019508.html block zip files with particular extension items in them exe in this case: block exe inside zips: http://lists.roaringpenguin.com/pipermail/mimedefang/2004-January/019511.html bagle.F mcafee information: http://vil.nai.com/vil/content/v_101062.htm David F. Skoll said: > On Mon, 1 Mar 2004, Jon R. Kibler wrote: > >> This appears to be the latest attempt to defeat AV scanners who cannot detect malware in zip files that they cannot unzip. The >> worm apparently changes the password on the fly, so that each >> file has a different password -- thus each zip file would have >> a different signature. > > AFAIK, you can always list the contents of a zip file, even a > password-protected one. I guess it's time to look inside zip archives for banned filenames. :-( > > I have no idea if the zip format allows subversion of this technique. > > Regards, > > David. > _______________________________________________ > Visit http://www.mimedefang.org and http://www.canit.ca > MIMEDefang mailing list > [EMAIL PROTECTED] > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang > -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
