[Esd-l] ZIP scanning, take two (repost)

Eric Andreychek Eric.Andreychek at rwcwarranty.com
Mon Feb 23 06:33:16 PST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy,

On Sun, 22 Feb 2004, John D. Hardin wrote:
> Question: should I make the "ZIPPED_EXECUTABLES=$POISONED_EXECUTABLES"
> the default behavior? In other words, should I force you to think
> about your zipped files policy by making it reject everything if you
> don't give a policy, or should ZIPs be trusted by default unless you
> want to be more careful.

You're already distributing the sanitizer with the default to mangle exe files
(outside of zip files).  At this point in time, I would consider exe files
within zips as dangerous as those outside.

Why?  Well, like many others on this list, we've spent the last five years
training everyone to use zip files if they really need to be sending certain
executable files around.  Of course, we also attempt to train them to not open
files from those they don't know, but that doesn't always work for several
reasons.

Throughout the last five years, the only virus that's ever gotten onto a
computer via email was because of this last NetSky virus.  It came in a zip
file from someone they thought they knew, and they proceeded to say:

  "Oh my, an executable attachment for me!  I must run it!"

Alas, it wasn't hard to clean up, but our undefeated record was tainted :-)

I guess I'm saying that since we view exe files as dangerous and we mangle them
by default, I feel that those same files *within* zip files are equally as
dangerous, and should not be trusted.
  -Eric



- -- 
Eric Andreychek
Residential Warranty Corporation
(717) 561-4480 x2245
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAOg8sR5UKaDAjAG4RAgfiAKDhg5EqzLlsEoexGqxNXR/DyUg4hwCeOw4F
w+vdOKcwu5od5Bw+jwFh2xQ=
=QbGp
-----END PGP SIGNATURE-----

