[Esd-l] Trapped zip file logging
SmartD at VMCMAIL.com
Thu Mar 4 07:03:27 PST 2004
John,

Could you modify your logging for zip files?

In my log I see the following:

    Checking ZIP archive "Info.zip" for poisoning.
    Decoding to "/tmp/mailchk.JyuzAS"
    Checking zipped "xvpol.exe"

Could the last line say something like "Trapped zipped executable "?

I parse these messages for reporting purposes, and this would make for a
simpler grep, as

    Trapped excessively long header in
    Trapped poisoned executable

also will come back from a "Trapped" grep.

I guess an egrep 'Trapped \"' would get what I want, but just a