|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: wmon16.exe
From: Willem Tahon (tahon
un.org)
Date: Tue May 11 2004 - 11:32:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
CA too requires one to zip with password “virus”
Best regards,
Willem.
----- Original Message -----
From: Nick FitzGerald [nickvirus-l.demon.co.uk]
Sent: 05/10/2004 08:20 PM
To: incidentssecurityfocus.com
Subject: Re: wmon16.exe
"Willem Tahon" <tahonun.org> wrote:
> Also keep in mind that some of the AV developers require specific handling
> of viruses (e.g. password-protected zipping) before sending them.
Indeed, which is why the McAfee entry appears as follows:
> Network Associates (McAfee) <virus_researchnai.com>
> (use a ZIP file with the password 'infected' without the quotes)
Some of the others may _prefer_ you to do similar or recommend you to
do so to prevent the attachment being stripped by virus-scanning
gateways between the sender and recipient (though these days, zealous
content-filtering gateways will consider passworded ZIPs suitably
dubious to be stripped anyway), but AFAIK only McAfee "requires" this
(and even then they will accept non-ZIP'ed samples but weird things can
happen due to stuffed-up internal message routing resulting in them
sending you back a malicious file along with a message suggesting there
is nothing wrong with it).
Regards,
Nick FitzGerald
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]