Full Disclosure mailing list archives

Re: Backdoor not recognized by Kaspersky
From: Cael Abal <lists2 () onryou com>
Date: Wed, 03 Mar 2004 12:58:56 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cael...take a more sensible approach...no password parsing to scan
needed...have the AV/mail gateways stop any zip with any executable
inside. You don't need to use the password to see that there is an
.exe/.scr/.com/.whatever inside a zip.  You see it, you nuke the zip.
If your policies allow zipped executables to meander through your mail
system as long as they pass a virus scan, you must have damned busy 0
days.  This ain't complicated...at all.

Hi Bart,

Interesting suggestion but I'm not prepared to arbitrarily kill any
zipped executable (even just those which have been passworded).  I'm
just not comfortable with the false-positives.

Historically, passworded .zip files have been the only remotely
acceptable way to e-mail executables.  I'm hesitant to give that up.

I'd still rather allow all passworded .zips and rely on the client's AV
to nab it.

take care,

Cael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFARhzgR2vQ2HfQHfsRAs3cAKCadpIZHrs4IAekAgzsH9lA9+V1tgCeJKLt
xeNUFGPnYnBA9kZXKIFOFas=
=/9B3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
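
The quoted suggestion in the message above, that a gateway can spot an executable inside a passworded zip without the password, works because traditional ZIP encryption leaves the entry names in the central directory unencrypted. The sketch below is an added example, not part of the original message: the function names, the "quarantine" choice for unparseable files and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions named in the thread; extend to match local policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com"}
ENCRYPTED_FLAG = 0x1  # general-purpose bit 0 in each ZIP entry header


def list_entries(data):
    """Return (filename, is_encrypted) per entry, read from the central directory only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(e.filename, bool(e.flag_bits & ENCRYPTED_FLAG)) for e in zf.infolist()]


def gateway_verdict(data):
    """Hypothetical gateway policy: block any zip that lists an executable entry."""
    try:
        entries = list_entries(data)
    except zipfile.BadZipFile:
        return "quarantine", []          # assumption: unparseable archives are held
    hits = [name for name, _ in entries
            if os.path.splitext(name)[1].lower() in BLOCKED_EXTENSIONS]
    return ("block" if hits else "pass"), hits


def make_sample(names, mark_encrypted):
    """Build a constructed test zip; optionally set the encrypted flag on every
    central-directory record (payload bytes are dummies and never read here)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample bytes")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")
    while mark_encrypted and pos != -1:
        raw[pos + 8] |= ENCRYPTED_FLAG   # flags field sits 8 bytes into the record
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)
```

The verdict rests on sender-supplied entry names, so it is an extension policy rather than content inspection, and it does not look inside archives nested in the zip.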

