system
1
Hi, I receive Fred Langa’s newsletter; here is a suggestion to help deal with the new zip file viruses. I haven’t tried it with avast yet; will this work?
- Making Sure Your Antivirus Tools Can Work Inside Zips
This excellent tip was posted on the “Bugtraq” mailing list; it helps AV
tools block the content of password-protected Zip files like the
malicious one discussed in the previous item:
With the release of Beagle.H and Beagle.I, virus writers
started enclosing the infected files within password protected
ZIP files... I've found that the A/V software does see the
file within the ZIP archive, but cannot process it because it
does not recognize the extension. When the archive is
password protected, the file enclosed receives a "+" character
at the end of the extension (ie test.exe becomes test.exe+)
Since the A/V software doesn't recognize that kind of
extension, it lets it pass thru.
I found that by adding the "+" character to file extensions
that are blocked (.exe+, .cmd+, .vbs+ etc etc), the A/V
software can now recognize that file extension and perform the
necessary actions on it.
I've only tested this out on Norton Anti-Virus for Exchange
V2.1, but it should work on the other A/V software programs.
--Mike Maloney, Sr. System Engineer, Middlesex County College
RejZoR
2
It seems this isn’t working in avast…
system
3
Hey RejZoR, hopefully it will work with avast in the future?
Also, your second link in your signature does not seem to work?
My program: avast! External Control Tool
igor0
4
As I already said in another thread today, the original message is complete nonsense.
AV software doesn’t have any trouble seeing the file - it just can’t unpack it, because the file is password protected. Adding a +, or whatever other sign, into some configuration certainly won’t change anything about it.
The name of password-protected files is also not changed in any way.
I don’t know if the + sign has any special meaning in NAV for Exchange configuration (such as blocking given file types completely, without checking anything else), but in general I’d suggest to ignore the message.
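An added example, not part of the thread or of any product discussed in it: a Python sketch of what a scanner sees in a password-protected ZIP entry. The entry name is listed unchanged and the "encrypted" flag is readable, while the content cannot be unpacked without the password. The sample archive, the function names and the `BLOCKED_EXTS` list are constructed for illustration.

```python
import io
import struct
import zipfile

BLOCKED_EXTS = (".exe", ".cmd", ".vbs")  # extensions named in the thread


def make_sample_zip():
    """Constructed sample: the first entry carries the 'encrypted' flag.

    Python's zipfile cannot write encrypted archives, so bit 0 of the
    general-purpose flag is patched into the local and central headers.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("test.exe", b"constructed placeholder bytes")
        zf.writestr("readme.txt", b"plain entry")
    raw = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(sig)  # first header of each kind belongs to test.exe
        flags = struct.unpack_from("<H", raw, pos + off)[0]
        struct.pack_into("<H", raw, pos + off, flags | 0x1)
    return bytes(raw)


def inspect_zip(data):
    """Return (name, encrypted, readable) for every entry in the archive."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            try:
                zf.read(info)  # no password supplied, as for a scanner
                readable = True
            except RuntimeError:  # zipfile: password required for extraction
                readable = False
            rows.append((info.filename, encrypted, readable))
    return rows


def policy_hits(data, blocked=BLOCKED_EXTS):
    """Entries a gateway could block on metadata alone."""
    return [name for name, enc, _ in inspect_zip(data)
            if enc and name.lower().endswith(blocked)]


if __name__ == "__main__":
    sample = make_sample_zip()
    for row in inspect_zip(sample):
        print(row)
    print("block:", policy_hits(sample))
```

Blocking on the combination of the encrypted flag and a listed extension is a type-based policy decision, not a scan of the content.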