mailing list archives
Re: Backdoor not recognized by Kaspersky
From: Cael Abal <lists2 () onryou com>
Date: Wed, 03 Mar 2004 12:58:56 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Cael...take a more sensible approach...no password parsing to scan
needed...have the AV/mail gateways stop any zip with any executable
inside. You don't need to use the password to see that there is an
.exe/.scr/.com/.whatever inside a zip. You see it, you nuke the zip.
If your policies allow zipped executables to meander through your mail
system as long as they pass a virues scan, you must have damned busy 0
days. This ain't complicated...at all.
Interesting suggestion but I'm not prepared to arbitrarily kill any
zipped executable (even just those which have been passworded). I'm
just not comfortable with the false-positives.
Historically, passworded .zip files have been the only remotely
acceptable way to e-mail executables. I'm hesitant to give that up.
I'd still rather allow all passworded .zips and rely on the client's AV
to nab it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
RE: Backdoor not recognized by Kaspersky Full-Disclosure (Mar 03)
Re: Backdoor not recognized by Kaspersky Suresh Ponnusami (Mar 03)
RE: Backdoor not recognized by Kaspersky Aditya, ALD [Aditya Lalit Deshmukh] (Mar 03)
RE: Backdoor not recognized by Kaspersky Ron DuFresne (Mar 04)
Re: Backdoor not recognized by Kaspersky Rodrigo Barbosa (Mar 04)
Re: Backdoor not recognized by Kaspersky Michael Gale (Mar 04)
Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)
SMTP open relays and RFC (was: Backdoor not recognized by Kaspersky) Martin Mačok (Mar 04)
Message not availableRe: Backdoor not recognized by Kaspersky Rodrigo Barbosa (Mar 04)
RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)