Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-10 Thread Shawn Tayler
On Tue, 2 Mar 2004 04:14:52 -0800 (PST) [EMAIL PROTECTED] exclaimed: > > > Worm.Bagle.H found in unzipped file. It's impossible > > to create signature of encrypted zip file. > > This new infection method is likely to drive us nuts. This is the > password-less workaround I've come up with and

RE: [Clamav-users] password-protected Worm.Bagle.H

2004-03-03 Thread Mitch (WebCob)
02, 2004 11:05 PM > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] password-protected Worm.Bagle.H > I think clamav should return a certain value if the zip file is deemed clean because it's encrypted, so that glue programs like amavisd-new can allow people to control when encrypted

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-03 Thread Erik Corry
On Tue, Mar 02, 2004 at 09:38:11PM -0800, Shawn Tayler wrote: > On Tue, 2 Mar 2004 17:07:53 +0100 Erik Corry <[EMAIL PROTECTED]> exclaimed: > > > The question is how much of a problem it really is. Are users > > really that dumb? > > > > What I'm wondering is whether the encrypted version of the

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Andy Dills
On Tue, 2 Mar 2004, Erik Corry wrote: > On Tue, Mar 02, 2004 at 11:59:19AM -0600, John Jolet wrote: > > > >> The question is how much of a problem it really is. Are users > >> really that dumb? > > > > yes, they are. i've gotten about 10 of those in the last 3 days. > > That doesn't actually pro

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Noel Jones
On Tue, Mar 02, 2004 at 09:38:11PM -0800, Shawn Tayler wrote: > On Tue, 2 Mar 2004 17:07:53 +0100 Erik Corry <[EMAIL PROTECTED]> exclaimed: > > > The question is how much of a problem it really is. Are users > > really that dumb? > > > > Given the level of replication I'm seeing on this bug, I'

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Shawn Tayler
On Tue, 2 Mar 2004 17:07:53 +0100 Erik Corry <[EMAIL PROTECTED]> exclaimed: > The question is how much of a problem it really is. Are users > really that dumb? > > What I'm wondering is whether the encrypted version of the > virus can be created by the unencrypted version, or whether the > encry

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Rembrandt
On Tue, 2 Mar 2004 18:08:15 -0800 (PST) [EMAIL PROTECTED] wrote: > > > It gives nothing as copies of Worm.Bagle.H (and previous variants > > also) vary in their contents and even sizes. So checksums are > > different. > > We have started to see this as well -- we only caught a few w/ the > hard-

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread clamav
> It gives nothing as copies of Worm.Bagle.H (and previous variants also) > vary in their contents and even sizes. So checksums are different. We have started to see this as well -- we only caught a few w/ the hard-coded crc hack. This is not perfect either and it falls in line with one gentlema

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Tomas Charvat
On my qmail server qmail-scanner does this job for me. Google for qmail-scanner - Original Message - From: "Erik Corry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, March 02, 2004 9:11 PM Subject: Re: [Clamav-users] password-protected Worm.Bagle.H

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Erik Corry
On Tue, Mar 02, 2004 at 11:59:19AM -0600, John Jolet wrote: > >> The question is how much of a problem it really is. Are users >> really that dumb? > > yes, they are. i've gotten about 10 of those in the last 3 days. That doesn't actually prove that anyone typed in the password and got infected

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread John Jolet
The question is how much of a problem it really is. Are users really that dumb? What I'm wondering is whether the encrypted version of the virus can be created by the unencrypted version, or whether the encrypted versions of the virus we have seen have all been produced by actual encrypted-zip in

RE: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Rob
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Erik Corry > > The question is how much of a problem it really is. Are users > really that dumb? > > What I'm wondering is whether the encrypted version of the > virus can be created by the unencr

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Erik Corry
On Tue, Mar 02, 2004 at 07:38:59AM -0800, Mitch (WebCob) wrote: > > Seeing how quickly this could get out of hand, and how hard it would be to > write code to "read" the password from the mail - how about a simple option > that allows full rejection of password encrypted archives - or optional > (

RE: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Mitch (WebCob)
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Diego > d'Ambra > Sent: Tuesday, March 02, 2004 4:55 AM > To: [EMAIL PROTECTED] > Subject: RE: [Clamav-users] password-protected Worm.Bagle.H > > > > -Original M

RE: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Diego d'Ambra
> -Original Message- > From: [EMAIL PROTECTED] [mailto:clamav-users- > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > Sent: 2. marts 2004 13:15 > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] password-protected Worm.Bagle.H > > Suggestions? There are

RE: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Rob MacGregor
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > > This new infection method is likely to drive us nuts. This > is the password-less workaround I've come up with and your > input is appreciated. > The unix unzip output looks like so: > >$ u

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread Tomasz Papszun
On Tue, 02 Mar 2004 at 4:14:52 -0800, [EMAIL PROTECTED] wrote: > > > Worm.Bagle.H found in unzipped file. It's impossible > > to create signature of encrypted zip file. > > This new infection method is likely to drive us nuts. This is the > password-less workaround I've come up with and your i

Re: [Clamav-users] password-protected Worm.Bagle.H

2004-03-02 Thread clamav
> Worm.Bagle.H found in unzipped file. It's impossible > to create signature of encrypted zip file. This new infection method is likely to drive us nuts. This is the password-less workaround I've come up with and your input is appreciated. The unix unzip output looks like so: $ uvscan -lv