[Esd-l] RE: How is a password protected zip file handled?

John D. Hardin jhardin at impsec.org
Tue Mar 2 18:02:48 PST 2004

On Tue, 2 Mar 2004, Smart,Dan wrote:

> Do I need to add the + sign to my zip_poisoned list?

No, the POSIX "unzip" tool (at least the one I have) does not add the
"+" sign to ZIP listings, so the sanitizer doesn't have a problem with
it. That appears to be a Windows-ism of some sort, as the "+" sign
does not appear within the raw .ZIP file either.

If you care to verify, create a password-protected ZIP file containing
an executable and mail it to yourself.

> See following Email:
> ============================================================================
> I've found that the A/V software does see the file within the ZIP archive,
> but cannot process it because it does not recognize the extension.  When the
> archive is password protected, the file enclosed receives a "+" character at
> the end of the extension (ie test.exe becomes test.exe+)  Since the A/V
> software doesn't recognize that kind of extension, it lets it pass thru.

If someone can create a password-protected or encrypted ZIP file that
displays this behavior, I'd like a copy of it.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
   32 days until the Slovakian Presidential Election

More information about the esd-l mailing list