Scanning Encrypted .Zip Files

Until now, admins have been blocking .zip files. Do Netbox and Sophos have a solution?

March 12, 2004

Network Computing

FUDBust: First Netbox and then Sophos announced that they can now open and scan the encrypted .zip files used by viruses such as the Bagle worm. Until now, e-mail administrators have been forced either to block all .zip files or to warn users not to open encrypted .zip files, even ones from management. Of course, neither strategy is very effective.

The approach these two early birds have taken is to read the password included in the e-mail and use it to decrypt the infected .zip file. This might not seem much better than using a virus dictionary. But as long as the password is passed in clear text, the scanners should be able to parse the message for it, which eliminates the need for constant updates to stay ahead of virus-password morphing.
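
The approach described above, as an added example (not Netbox's or Sophos's code, and not from the original article): candidate passwords are pulled from the plain-text body and tried against the attachment so its contents can be handed to the scanner. The hint pattern, size limit and function names are assumptions, and Python's `zipfile` decrypts only the legacy ZipCrypto scheme.

```python
import io
import re
import zipfile
import zlib

MAX_MEMBER = 10 * 1024 * 1024  # assumed per-member scan limit (bytes)
# Assumed hint wording ("password is X", "pass: X"); a real gateway would tune it.
HINT = re.compile(r"(?:password|passwd|pass|pwd)\b(?:\s+is)?[\s:=\-]{0,8}(\S{3,32})", re.I)
TOKEN = re.compile(r"[A-Za-z0-9]{3,32}")


def password_candidates(body, limit=200):
    """Candidate passwords from a plain-text body: hinted words first, then every token."""
    hinted = [m.group(1).rstrip(".,;:!)\"'") for m in HINT.finditer(body)]
    words = hinted + TOKEN.findall(body)
    return list(dict.fromkeys(w for w in words if w))[:limit]  # de-duplicate, keep order


def unlock_for_scanning(zip_bytes, body):
    """Return (password or None, {member name: plaintext}) for the virus scanner.

    (None, {}) means no word in the body opened the archive, so the caller
    falls back to its block-or-warn policy.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        # zipfile never returns more than the declared size, so this bounds memory.
        if any(i.file_size > MAX_MEMBER for i in members):
            raise ValueError("declared member size exceeds scan limit")
        if not any(i.flag_bits & 0x1 for i in members):  # bit 0 = encrypted
            return None, {i.filename: zf.read(i) for i in members}
        for cand in password_candidates(body):
            pwd = cand.encode("utf-8")
            try:
                return cand, {i.filename: zf.read(i, pwd=pwd) for i in members}
            except (RuntimeError, zipfile.BadZipFile, zlib.error, NotImplementedError):
                continue  # wrong password: check byte, CRC-32 or inflate failed
    return None, {}


# Constructed sample message body, not taken from a real worm.
SAMPLE_BODY = "Details are in the attached file.\nThe password is 52841.\n"

if __name__ == "__main__":
    print(password_candidates(SAMPLE_BODY))
```

Because a wrong password passes ZipCrypto's one-byte check about once in 256 tries, the CRC-32 and inflate errors are treated as "wrong password" too rather than as a corrupt archive.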
