Clearly the virus DB maintainers are inundated with password-protected .zip files with viruses inside.
I think I understand the technical impossibility of making a signature for these - the .zip header is the same, and then the filenames inside are randomized, as is the password, and thus the encrypted body has nothing recognizable - so there isn't anything available to make a signature off of. We don't want to waste your time submitting these - would it be useful to put a comment on the virus submission page that you just don't want these? I see that there have been a few rejected, stating that you'd need the *complete* E-mail - are you looking for other characteristics of the complete E-mail message, something not specifically tied to the attachment? -- Charlie Watts Brainstorm Internet 970 247-1442 x113 [EMAIL PROTECTED] http://www.brainstorminternet.net/ ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users