[Esd-l] RE: How is a password protected zip file handled?
John D. Hardin
jhardin at impsec.org
Tue Mar 2 18:02:48 PST 2004
On Tue, 2 Mar 2004, Smart,Dan wrote:
> Do I need to add the + sign to my zip_poisoned list?
No, the POSIX "unzip" tool (at least the one I have) does not add the
"+" sign to ZIP listings, so the sanitizer doesn't have a problem with
it. That appears to be a Windows-ism of some sort, as the "+" sign
does not appear within the raw .ZIP file either.
If you care to verify, create a password-protected ZIP file containing
an executable and mail it to yourself.
> See following Email:
> ============================================================================
>
> I've found that the A/V software does see the file within the ZIP archive,
> but cannot process it because it does not recognize the extension. When the
> archive is password protected, the file enclosed receives a "+" character at
> the end of the extension (ie test.exe becomes test.exe+) Since the A/V
> software doesn't recognize that kind of extension, it lets it pass thru.
If someone can create a password-protected or encrypted ZIP file that
displays this behavior, I'd like a copy of it.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
32 days until the Slovakian Presidential Election
More information about the esd-l
mailing list