[THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

  • From: Euan Cooper <Euan.Cooper@xxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Fri, 5 Mar 2004 10:40:58 +1300

I have no knowledge or experience with GFI products but  the following
article from the GFI knowledgebase seems to imply that the product cannot
scan password protected ZIP files - but that it can be configured to allow
them to be delivered ....  I see that the article lists version 8.0 as one
of the versions that can be configured in this way.

http://kbase.gfi.com/showarticle.asp?id=KBID001567

-----Original Message-----
From: Nick Smith [mailto:nick@xxxxxxxxxxxxxxx]
Sent: Friday, 5 March 2004 9:21 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus
(passwordprotected .zips)


Ummmm...it's under the Decompression Engine Settings  in my version 8.0
Nick
-----Original Message-----
From: Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]=20
Sent: 04 March 2004 16:26
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus
(passwordprotected .zips)

How does it decompress it without the password?  Are they running a
cracking program to get the password so it can scan the archive?

I am using MailSecurity at another office and see nothing in settings
about this feature.  Is it just something they say it does?

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Stephen Herrera
Sent: Thursday, March 04, 2004 10:12 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus
(passwordprotected .zips)

GFI MailSecurity's decompression engine checks password protected
archives.

steve

 -----Original Message-----
From:   Evan Mann [mailto:emann@xxxxxxxxxxxxxxxxxxxxx]
Sent:   Thursday, March 04, 2004 6:22 AM
To:     thin@xxxxxxxxxxxxx
Subject:        [THIN] Re: OT:  Security response to BAGLE virus
(passwordprotected .zips)

Blocking the specific filename attachments that Bagle and its variants
use.  These are documented by SARC and others.  This lets me accept
legit .ZIPs but not the virus.  This is a short term option as I expect,
very soon, a variant (or new virus) that randomly generates encrypted
.ZIPs.

Some people on Focus-VIRUS mailing list are blocking attachments under a
certain size.  Others block .ZIP entirely.  The only methods are
filtering methods.  No AV scanning products can pick up the virus itself
inside a password protected ZIP.  The AV companies need to come up with
something quick!



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Rogers
Sent: Thursday, March 04, 2004 9:02 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus
(passwordprotected .zips)

We've got Clearswift's Mailsweeper here, and have blocked (well, ok,
mailsweeper distribute lists) all the phrases that the worms use.
We've also got size limits set on the attachments, so we can stop
all attachments of type x under size y!

Andrew
--o--

>>> BClaus@xxxxxxxxxxxxx 04/03/04 13:28:12 >>>
Just wondering what others are doing to combat the latest BAGLE worm.
It's password protected so standard AV won't scan into it.  How is
everyone else handling delivery of .zip files now?

We're using the Trend Micro AV suite.

Do you think the latest password protected BAGLE worm has caused the
demise of password protected .zip files?

My immediate opinion in the matter is that password protected .zip files
will now be treated with the same delivery restrictions that the .exe,
.scr, .pif, .vbs have come under but I'm not aware of any AV software or
other means to differentiate scanning options between p\w protected .zip
files and non p\w protected .zip files.


Thanks,

Brian Claus, A+, Network+, MCP
Network Administrator
WESCO Distribution, Inc.
225 West Station Square Drive, Suite 700 Pittsburgh, PA 15219-1122
Phone:  412-454-2412
Fax:  412-454-2540
bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application
management problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
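
Added example, not part of the original thread and not any vendor's code: one way a mail gateway can tell password-protected .zip attachments from ordinary ones, the distinction the original post asks about, by reading the encryption bit in the ZIP headers. The function names, verdict strings and sample message are assumptions made for illustration; the "locked" sample is a constructed archive with only the flag set.

```python
import io
import struct
import zipfile
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: member is encrypted

def zip_verdict(data: bytes) -> str:
    """Classify one attachment: 'not-zip', 'scan', 'encrypted' or 'malformed'."""
    if not data.startswith(b"PK"):
        return "not-zip"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Flags are read from the central directory; no password needed.
            if any(m.flag_bits & ENCRYPTED for m in zf.infolist()):
                return "encrypted"   # cannot be scanned: apply hold/block policy
            return "scan"            # hand to the AV decompression engine
    except zipfile.BadZipFile:
        return "malformed"

def route_message(msg: EmailMessage) -> dict:
    """Map each attachment filename to its verdict (hypothetical helper)."""
    return {p.get_filename(): zip_verdict(p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: one stored file, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("note.txt", b"constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 in the local header (offset 6) and central directory (offset 8).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig) + off
            flags = struct.unpack_from("<H", raw, pos)[0]
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)

def sample_message() -> EmailMessage:
    """Constructed message with a plain ZIP, a flagged ZIP and a non-ZIP file."""
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in (("plain.zip", sample_zip(False)),
                       ("locked.zip", sample_zip(True)),
                       ("readme.txt", b"plain text")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Traditional ZIP encryption protects only the file data, so the per-member flags stay readable and the gateway can apply a separate policy to encrypted archives without knowing the password.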
