Security Incidents mailing list archives

Re: wmon16.exe


From: "Willem Tahon" <tahon () un org>
Date: Tue, 11 May 2004 12:32:13 -0400

CA too requires one to zip with password “virus”.

Best regards,
Willem.





----- Original Message -----
From: Nick FitzGerald [nick () virus-l demon co uk]
Sent: 05/10/2004 08:20 PM
To: incidents () securityfocus com
Subject: Re: wmon16.exe

"Willem Tahon" <tahon () un org> wrote:

Also keep in mind that some of the AV developers require specific handling
of viruses (e.g. password-protected zipping) before sending them.

Indeed, which is why the McAfee entry appears as follows:

   Network Associates (McAfee)     <virus_research () nai com>
     (use a ZIP file with the password 'infected' without the quotes)

Some of the others may _prefer_ you to do similar or recommend you to
do so to prevent the attachment being stripped by virus-scanning
gateways between the sender and recipient (though these days, zealous
content-filtering gateways will consider passworded ZIPs suitably
dubious to be stripped anyway), but AFAIK only McAfee "requires" this
(and even then they will accept non-ZIP'ed samples but weird things can
happen due to stuffed-up internal message routing resulting in them
sending you back a malicious file along with a message suggesting there
is nothing wrong with it).


Regards,

Nick FitzGerald

