[Esd-l] RE: How is a password protected zip file handled?

Smart,Dan SmartD at VMCMAIL.com
Wed Mar 3 07:05:47 PST 2004


Just wanted to make sure...

Thanks for a super tool!!!  The new zip stuff works flawlessly.

<<Dan>> 

| -----Original Message-----
| From: John D. Hardin [mailto:jhardin at impsec.org] 
| Sent: Tuesday, March 02, 2004 8:03 PM
| To: Smart,Dan
| Cc: Email Security Discussion list
| Subject: RE: How is a password protected zip file handled?
| 
| On Tue, 2 Mar 2004, Smart,Dan wrote:
| 
| > Do I need to add the + sign to my zip_poisoned list?
| 
| No, the POSIX "unzip" tool (at least the one I have) does not 
| add the "+" sign to ZIP listings, so the sanitizer doesn't 
| have a problem with it. That appears to be a Windows-ism of 
| some sort, as the "+" sign does not appear within the raw 
| .ZIP file either.
| 
| If you care to verify, create a password-protected ZIP file 
| containing an executable and mail it to yourself.
| 
| > See following Email:
| > 
| ======================================================================
| > ======
| > 
| > I've found that the A/V software does see the file within the ZIP 
| > archive, but cannot process it because it does not recognize the 
| > extension.  When the archive is password protected, the 
| file enclosed 
| > receives a "+" character at the end of the extension (ie test.exe 
| > becomes test.exe+)  Since the A/V software doesn't 
| recognize that kind of extension, it lets it pass thru.
| 
| If someone can create a password-protected or encrypted ZIP 
| file that displays this behavior, I'd like a copy of it.
| 
| --
|  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
|  jhardin at impsec.org                        pgpk -a jhardin at impsec.org
|  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
| --------------------------------------------------------------
| ---------
|   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
|   does quite what I want. I wish Christopher Robin was here."
| 				-- Peter da Silva in a.s.r
| --------------------------------------------------------------
| ---------
|    32 days until the Slovakian Presidential Election
| 


More information about the esd-l mailing list