Scanning Encrypted .Zip Files
Until now, admins have been blocking .zip files. Do Netbox and Sophos have a solution?
March 12, 2004
FUDBust: First Netbox and then Sophos announced that they can crack viruses that arrive in encrypted .zip files, such as the Bagle worm. Until now, e-mail administrators have been forced either to block all .zip files or to warn users not to open encrypted .zip files, even ones from management. Of course, neither strategy is very effective.
The approach these two early birds have taken is to read the password included in the e-mail and use it to decrypt the infected .zip file. This might not seem much better than using a virus dictionary. But as long as the password is passed in open text, the scanners should be able to parse for it, which eliminates the need for constant updates to stay ahead of virus-password morphing.
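The approach described above, as an added Python example (not Netbox's or Sophos's code): a mail filter pulls candidate passwords from the plain-text body, tries each one against the encrypted members of a .zip attachment, and returns the plaintext for the virus engine or flags the member as undecryptable. The cue words, token pattern, size limit and function names are assumptions made for this example; Python's zipfile module decrypts only the legacy ZIP encryption.

```python
import email, io, re, sys, zipfile, zlib
from email import policy

CUE = re.compile(r"(?i)pass(?:word)?|pwd")   # assumed cue words
TOKEN = re.compile(r"[A-Za-z0-9]{3,32}")     # assumed password alphabet
MAX_MEMBER = 20 * 1024 * 1024                # assumed per-file size limit

def candidate_passwords(body):
    """Tokens that follow a cue word first, then every token in the body."""
    near = [t for m in CUE.finditer(body)
            for t in TOKEN.findall(body[m.end():m.end() + 40])]
    return list(dict.fromkeys(near + TOKEN.findall(body)))

def decrypt_member(zf, info, candidates):
    """Return (password, plaintext), or (None, None) if no candidate fits."""
    for cand in candidates:
        try:
            return cand, zf.read(info, pwd=cand.encode())
        except (RuntimeError, zipfile.BadZipFile, zlib.error):
            # Wrong password: bad check byte, or a 1-in-256 check-byte match
            # that then fails decompression or the CRC comparison.
            continue
    return None, None

def scan_message(raw):
    """Yield (member, password, plaintext) for encrypted .zip members."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    candidates = candidate_passwords(body.get_content() if body else "")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    continue  # unencrypted or oversized: handled elsewhere
                pwd, plain = decrypt_member(zf, info, candidates)
                yield info.filename, pwd, plain

if __name__ == "__main__":
    # Usage: python scan_zip_mail.py message.eml
    for name, pwd, plain in scan_message(open(sys.argv[1], "rb").read()):
        verdict = "opened, pass to AV engine" if pwd else "undecryptable, quarantine"
        print(f"{name}: {verdict}")
```

A member that no body token opens comes back with a password of None, which gives the filter a concrete signal for falling back to a quarantine policy.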