[Esd-l] Double-zipped virus

John D. Hardin jhardin at impsec.org
Thu Sep 2 15:25:32 PDT 2004

On Thu, 2 Sep 2004, Simon Matthews wrote:

> I have just received an email that bypassed the scanner, because
> it contains a double-zipped file (I assume). It is an executable
> (masquerading as a screen-saver), inside a zipfile, which is
> inside another zipfile (or the same name).

If you don't wish to accept double-zipped files, then create a
separate poisoned-zipped-files list and put *.zip in that list.

The recommended poisoned-zipped-files list on the website does this.

I do not intend to make the sanitizer recursively scan zip files.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
   11 days until the "Scary-Looking Guns" ban expires

More information about the esd-l mailing list