ClamAV has missed a few zip viruses lately. I believe they are variants of the Mytob virus. Most of them when unzipped have the same format:

[EMAIL PROTECTED] tmp]# unzip accepted-password.zip
Archive:  accepted-password.zip
 extracting: accepted-password.txt                                              
                        .exe

Notice lots and lots of spaces in the filename to fool users into thinking it's a .txt file. Has anyone coded an MD rule to check for more than, say, 10 consecutive spaces in a filename in a zip file? Should be pretty simple, just haven't had time to look at it yet...

Also any suggestions for an anti-virus (commercial or not) to supplement ClamAV?

(PS: I'm not trying to discredit Clam, it's a great tool and we use it a lot. I do submit the samples when I come across them. Defense in layers is always better though...)

ray
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                                       http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist              AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
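
A standalone check for the padded-filename trick described in the post above, as an added example that is not part of the original message and is not a MIMEDefang filter: it reads a zip's directory and flags member names containing a run of 10 or more whitespace characters. The threshold constant, the extension list and the function names are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Assumed policy values; only the "10 spaces" idea comes from the post.
MIN_PAD = 10
RISKY_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "cpl"}

# A run of MIN_PAD or more whitespace characters (spaces, tabs, newlines).
PAD_RE = re.compile(r"\s{%d,}" % MIN_PAD)


def check_name(name):
    """Return a reason string if the member name looks padded, else None."""
    # Only the last path component is what an unzip listing shows the user.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if not PAD_RE.search(base):
        return None
    ext = base.rsplit(".", 1)[-1].strip().lower() if "." in base else ""
    if ext in RISKY_EXT:
        return "padded name hides .%s extension" % ext
    return "padded name"


def scan_zip(data):
    """Return [(member_name, reason)] for suspicious entries in a zip (bytes)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Assumed policy: an archive whose directory cannot be read is reported.
        return [("<archive>", "unreadable zip")]
    with zf:
        return [(i.filename, r) for i in zf.infolist()
                if (r := check_name(i.filename))]


def build_sample():
    """Constructed sample: harmless bytes under a padded name like the post's."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("accepted-password.txt" + " " * 60 + ".exe", b"not a program")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(repr(name), "->", reason)
```

Only the archive directory is read, so the check works without extracting or decrypting member data.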
