[Esd-l] Double-zipped virus

John D. Hardin jhardin at impsec.org
Thu Sep 2 15:25:32 PDT 2004


On Thu, 2 Sep 2004, Simon Matthews wrote:

> I have just received an email that bypassed the scanner, because
> it contains a double-zipped file (I assume). It is an executable
> (masquerading as a screen-saver), inside a zipfile, which is
> inside another zipfile (or the same name).

If you don't wish to accept double-zipped files, then create a
separate poisoned-zipped-files list and put *.zip in that list.

The recommended poisoned-zipped-files list on the website does this.

I do not intend to make the sanitizer recursively scan zip files.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The [assault weapons] ban is the moral equivalent of banning red
  cars because they look too fast.
                                   -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
   11 days until the "Scary-Looking Guns" ban expires
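
The reply above suggests listing `*.zip` in the poisoned-zipped-files list instead of scanning recursively. The following added Python example (not part of the original post and not the sanitizer's own code) shows why that works: a check of top-level member names alone flags a double-zipped attachment once `*.zip` is in the list. The function names, pattern lists and in-memory sample archives are constructed for illustration.

```python
import fnmatch
import io
import zipfile


def make_zip(members):
    """Build a zip archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def poisoned_members(zip_bytes, patterns):
    """Return top-level member names matching any glob pattern.

    Nested archives are never opened; only names in the outer
    archive's directory are compared, case-insensitively.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # Fail closed: an archive that cannot be listed cannot be cleared.
        return ["<unreadable archive>"]
    hits = []
    for name in names:
        base = name.rsplit("/", 1)[-1].lower()
        if any(fnmatch.fnmatchcase(base, p.lower()) for p in patterns):
            hits.append(name)
    return hits


# Constructed samples: placeholder bytes stand in for the executable.
inner = make_zip({"photos.scr": b"placeholder, not a real executable"})
double = make_zip({"photos.zip": inner})

# Hypothetical lists: executable extensions only, then with *.zip added.
EXECUTABLES_ONLY = ["*.exe", "*.scr", "*.pif"]
WITH_ZIP = EXECUTABLES_ONLY + ["*.zip"]

if __name__ == "__main__":
    print("single zip, executables only:", poisoned_members(inner, EXECUTABLES_ONLY))
    print("double zip, executables only:", poisoned_members(double, EXECUTABLES_ONLY))
    print("double zip, with *.zip      :", poisoned_members(double, WITH_ZIP))
```
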

