uvscan is detecting zipped/passworded bagle zips as
Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
-Eric
On Wed, 3 Mar 2004, Lucas Albers wrote:
Tomasz Papszun said:
WE ASK USERS TO NOT SUBMIT naked zip files IF their contents are DETECTED
as infected by ClamAV AFTER
On Fri, 5 Mar 2004 13:31:35 -0800 (PST)
[EMAIL PROTECTED] wrote:
uvscan is detecting zipped/passworded bagle zips as
Worm.Bagle.Gen-zippwd. Any ideas as to how they might be doing this?
Please don't top post.
That's not your uvscan but ClamAV detecting the worm.
--
oo.
Paul Boven wrote:
How about only trying every word in the mail-body as a key to try,
instead of brute-forcing? The virus(-writer) cannot afford to fudge the
password in the mail-body: One would hope that the subset of users that
is clever enough to reconstruct the password, yet stupid enough
But...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Chris
Meadors
Sent: Tuesday, March 02, 2004 11:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Password-protected .zip file viruses
Paul Boven wrote:
How about only trying every word
Jesper Juhl wrote:
What I'm thinking is; Would it be feasible to add an option to attempt to
brute-force-crack the passwords on zip files when scanning them?
Yes, it would slow down scanning immensely, and there's *no* way it should
ever be a default option, but zip file passwords are /reasonably/
-Original Message-
From: [EMAIL PROTECTED] [mailto:clamav-users-
[EMAIL PROTECTED] On Behalf Of Jesper Juhl
Sent: 3 March 2004 02:55
To: [EMAIL PROTECTED]
Subject: Re: [Clamav-users] Password-protected .zip file viruses
What I'm thinking is; Would it be feasible to add an option
There used to be a utility, way back in my OS/2 days, I think it was called
Stripper or something like that. It removed the HTML crap from files
leaving only the plain text...
Shawn
On Wed, 03 Mar 2004 07:43:35 + Chris Meadors [EMAIL PROTECTED]
exclaimed:
Good point. That should take
Tomasz Papszun said:
WE ASK USERS TO NOT SUBMIT naked zip files IF their contents are DETECTED
as infected by ClamAV AFTER UNZIPPING. It's an utter waste of our time,
which results in delays in processing really significant samples!
Why not add this on the web submittal nag screen?
Luke Computer
Clearly the virus DB maintainers are inundated with password-protected
.zip files with viruses inside.
I think I understand the technical impossibility of making a signature for
these - the .zip header is the same, and then the filenames inside are
randomized, as is the password, and thus the
On Tue, 2 Mar 2004, Charlie Watts wrote:
Clearly the virus DB maintainers are inundated with password-protected
.zip files with viruses inside.
I think I understand the technical impossibility of making a signature for
these - the .zip header is the same, and then the filenames inside are
On Wed, 3 Mar 2004 02:54:35 +0100 (CET)
[EMAIL PROTECTED] (Jesper Juhl) wrote:
On Tue, 2 Mar 2004, Charlie Watts wrote:
Clearly the virus DB maintainers are inundated with
password-protected.zip files with viruses inside.
I think I understand the technical impossibility of making a
On Wed, 3 Mar 2004, Rembrandt wrote:
On Wed, 3 Mar 2004 02:54:35 +0100 (CET)
[EMAIL PROTECTED] (Jesper Juhl) wrote:
On Tue, 2 Mar 2004, Charlie Watts wrote:
Clearly the virus DB maintainers are inundated with
password-protected.zip files with viruses inside.
I think I
: [Clamav-users] Password-protected .zip file viruses
On Tue, 2 Mar 2004, Charlie Watts wrote:
Clearly the virus DB maintainers are inundated with password-protected
.zip files with viruses inside.
I think I understand the technical impossibility of making a
signature