I believe the point is, your mail scanner should be able to scan something as simple as zip compressed attachments. If it can't, you may want to rethink which program you use. Most open source and commercial scanners can scan inside zip files.
mike
On Sat, 28 Feb 2004, Rubens Kuhl Jr. wrote:
It's annoying how easily these things spread even though they don't
rely
on
a specific OS vulnerabililty -- hell, it's an executable *in a zipfile*, so it requires opening the zipfile and then running the program inside it. Of course everyone will run it, even though it's named dygfwefuih.exe (random characters before .exe). <grumble>
Being in a zipfile is exactly why these things work: most mail systems nowadays drop executable attachments without mercy, but a zipfile may be a compressed document. Not every mail system screen incoming messages with anti-virus.
People writing this worms don't know just a bit about human behaviour,
I'm not aware of any mail scanner that does this without running an external anti-virus or something alike, although is not that intensive to follow the zip headers (as they already do with the MIME headers in order to drop external attachments). Most scanners can accept an anti-virus plugin and them scan inside zip files, but that requires more processing power, more queue disk space, more RAM, more administration to update virus patterns, and so on. The cost/benefit usually pays off, but more complexity means less people will adopt the solution, thus making worm spreading easier. Rubens ----- Original Message ----- From: "Michael Wiacek" <lists@iroot.net> To: "Rubens Kuhl Jr." <rubens@email.com> Cc: "Todd Vierling" <tv@duh.org>; <nanog@merit.edu> Sent: Sunday, February 29, 2004 11:16 PM Subject: Re: Possibly yet another MS mail worm they
seem to keep up with trends in mail systems administration as well.
Rubens
!DSPAM:404137ae74191246918873!