] Bagle.J / news.com article on AV software
opening zipped files.
how would you ban encrypted zips...
signed
Confused (aka Bennie)
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 6:22 PM
Subject: Re
should or not be doing?
Peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Monday, 8 March 2004 9:21 p.m.
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files
how would you ban encrypted zips...
signed
Confused (aka Bennie)
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 6:22 PM
Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files
the minimum that would be practicaly usable for us :
1- Notifications based on banned extension: ONLYSENDIFEXT, SKIPIFEXT
This we hope to add.
2-BANEZIPEXT2 independant from banext, as in
BANEZIPEXT2 exe
BANEZIPEXT2 com
BANEXT scr
BANEZIPEXT ON
This we will likely be adding.
3-
I do believe that JunkMail Pro can be used to look at the base64 code of
the message, and if you can pull the proper header out, you can tag the
attachment type. This is what I was looking to do when I was asking for
someone to send me a copy of the virus early on, apparently there is a
one
By detecting the file type instead of just the extension, and allowing
configurable actions based on detected filetype, we could avoid future
viruses that ask the user to rename the file upon receipt.
But, that prevents people from doing the same for good purposes, too. So
you can no longer say
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 04, 2004 11:22 PM
Subject: Re: [Declude.Virus] Bagle.J / news.com article on AV software
opening zipped files.
that is going to be a chalenge for scott to incorporate in declude :)
It's unlikely that we will do this. It makes for a great