[Avcheck] passworded zips

Piotr KUCHARSKI chopin at sgh.waw.pl
Wed Mar 3 22:19:09 MSK 2004


On Wed, Mar 03, 2004 at 12:24:41PM -0600, Kapp Kapter wrote:
> > Is there some way to delete/quarantine/bounce back mails
> > containing passworded archives? Currently I use DrWeb+avcheck.
> I use avcheck-0.9 and changed the DERR_SKIPPED references in the DRWEB
> section. I included it in DERR_VIRUS area and removed it from
> DERR_SKIP_CODE.

Heh, I was just about to send an email with the solution I came up with:

+++ avcheck.c.old   Wed Mar  3 19:49:42 2004
--- avcheck.c       Wed Mar  3 20:09:50 2004
@@ -551,3 +551,3 @@
 #define DERR_VIRUS \
-  (DERR_KNOWN_VIRUS|DERR_UNKNOWN_VIRUS|DERR_VIRUS_MODIFICATION)
+  (DERR_KNOWN_VIRUS|DERR_UNKNOWN_VIRUS|DERR_VIRUS_MODIFICATION|DERR_SKIPPED)

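Review bot: adding DERR_SKIPPED to the DERR_VIRUS mask on the `+` line makes a message the scanner skipped indistinguishable from one where it found a virus, so anything keyed on DERR_VIRUS will describe a password-protected archive as infected. If the goal is only to reject or quarantine such mail, consider leaving DERR_VIRUS as it was and testing a separate mask (a hypothetical name would be DERR_REJECT, defined as `(DERR_VIRUS|DERR_SKIPPED)`), or at least add a comment above the define saying that skipped objects are deliberately treated as viruses. Separately, the file header has `+++ avcheck.c.old` before `--- avcheck.c`, which is the reverse of the usual unified-diff order where `---` names the old file, so regenerate the diff with the arguments as old then new before anyone tries to apply it.
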

As for DERR_SKIP_CODE I did not bother, it enters there only
if !(c & DERR_VIRUS)

Thanks anyway.

Btw, I dropped 111000 viruses in March (yes, not even 3 days).

I am starting to think that the infected script is not needed anymore.
The DrWeb team did not answer my question about including some code
identifying viruses faking mails, you have to watch very carefully
for new viruses as they come out and most do fake the sender address,
gazillions of stupid admins do not care and send a notification
every time, users slowly stop asking why they got such a notification
after dozens of answers "sorry, someone had a virus which faked
your address, some admin rejected the mail and sent the reply to
the faked address, please ignore it" and now, even if they get a reply
from my system -- they will ignore it. (Though I admit I like
infected because it gives an admin (me) reports with headers; but
that does not have to be mailed, it can be put in a local file,
much less overhead.)

p.

-- 
Beware of he who would deny you access to information, for in his
heart he dreams himself your master.   -- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/  -- Polish version of the quiz for nerds ;)

