Mallesons Stephen Jaques
www.mallesons.com
Confidential communication

NAI specifically added the latest ones as they know the passwords. Under normal operation it won't do it.

John Rowlandson
Technical Support Specialist
Mallesons Stephen Jaques Sydney
T +61 2 9296 3653
F +61 2 9296 3999
john.rowlandson@xxxxxxxxxxxxx

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Wakelin, Frank
Sent: Friday, 5 March 2004 11:42 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

Actually our NAI product is detecting the password protected ZIPs themselves as viruses.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann
Sent: March 4, 2004 2:11 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

Woops! I read as MailEssentials not MailSecurity, which is why I didn't see the feature!

-----Original Message-----
From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx]
Sent: Friday, 5 March 2004 9:21 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

Ummmm...it's under the Decompression Engine Settings in my version 8.0

Nick

-----Original Message-----
From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]
Sent: 04 March 2004 16:26
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

How does it decompress it without the password? Are they running a cracking program to get the password so it can scan the archive? I am using MailSecurity at another office and see nothing in settings about this feature. Is it just something they say it does?

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen Herrera
Sent: Thursday, March 04, 2004 10:12 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

GFI MailSecurity's decompression engine checks password protected archives.

steve

-----Original Message-----
From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 04, 2004 6:22 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

Blocking the specific filename attachments that Bagle and its variants use. These are documented by SARC and others. This lets me accept legit .ZIPs but not the virus. This is a short term option as I expect, very soon, a variant (or new virus) that randomly generates encrypted .ZIPs.

Some people on Focus-VIRUS mailing list are blocking attachments under a certain size. Others block .ZIP entirely. The only methods are filtering methods. No AV scanning products can pick up the virus itself inside a password protected ZIP. The AV companies need to come up with something quick!

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Rogers
Sent: Thursday, March 04, 2004 9:02 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

We've got Clearswifts Mailsweeper here, and have blocked (well, ok, mailsweeper distribute lists) all the phrases that the worms use. We've also got size limits set on the attachments, so we can stop all attachments of type x under size y!

Andrew

--o--

>>> BClaus@xxxxxxxxxxxxx 04/03/04 13:28:12 >>>

Just wondering what others are doing to combat the latest BAGLE worm. It's password protected so standard AV won't scan into it. How is everyone else handling delivery of .zip files now? We're using the Trend Micro AV suite.

Do you think the latest password protected BAGLE worm has caused the demise of password protected .zip files?

My immediate opinion in the matter is that password protected .zip files will now be treated with the same delivery restrictions that the .exe, .scr, .pif, .vbs have come under but I'm not aware of any AV software or other means to differentiate scanning options between p\w protected .zip files and non p\w protected .zip files.

Thanks,

_____

Brian Claus, A+, Network+, MCP
Network Administrator
WESCO Distribution, Inc.
225 West Station Square Drive, Suite 700
Pittsburgh, PA 15219-1122
Phone: 412-454-2412
Fax: 412-454-2540
bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>

_____

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
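On the question raised in the thread of how a gateway can tell password-protected .zip files from unprotected ones: the sketch below is an added example, not code from any poster or product named above. It reads bit 0 of each entry's general-purpose flag in the ZIP central directory, which is readable (along with entry names and sizes) without the password. The function names, verdict labels and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry data is encrypted

def zip_entries(data):
    """Return [(name, size, encrypted)] from the central directory; no password needed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, i.file_size, bool(i.flag_bits & ENCRYPTED))
                for i in zf.infolist()]

def triage(msg):
    """Map each .zip attachment to 'scan', 'hold-encrypted' or 'hold-malformed'."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            entries = zip_entries(part.get_payload(decode=True))
        except zipfile.BadZipFile:
            verdicts[name] = "hold-malformed"  # unparseable archives are held, not passed
            continue
        locked = any(enc for _, _, enc in entries)
        verdicts[name] = "hold-encrypted" if locked else "scan"
    return verdicts

def sample_zip(encrypted):
    """Constructed sample: one-file archive, optionally with the encrypted bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:  # flag word is 6 bytes into a local header, 8 into a central one
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.index(sig) + off] |= ENCRYPTED
    return bytes(raw)

def sample_message():
    """Constructed message carrying one plain and one flagged-encrypted archive."""
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, enc in (("plain.zip", False), ("locked.zip", True)):
        msg.add_attachment(sample_zip(enc), maintype="application",
                           subtype="zip", filename=name)
    return msg

if __name__ == "__main__":
    print(triage(sample_message()))
```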