[Esd-l] Trapped zip file logging

John D. Hardin jhardin at impsec.org
Thu Mar 4 09:18:04 PST 2004


On Thu, 4 Mar 2004, Smart,Dan wrote:

> ================================================
>  Checking ZIP archive "Info.zip" for poisoning.
>   Decoding to "/tmp/mailchk.JyuzAS"
>   Checking zipped "xvpol.exe"
>    Trapped "xvpol.exe".
> ================================================
> 
> Could the last line say something like "Trapped zipped executable "

Well, what if your zip poison list contains "*.zip" to block nested
ZIP archives? That's not an executable...

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   30 days until the Slovakian Presidential Election


More information about the esd-l mailing list