Message16420
Logged In: YES
user_id=64929
The analysis by sjones is correct. Python and the zip file
format both allow null bytes in file names. But in this case,
the file is infected with the "I-Worm.Lentin.o" virus and the
file name is designed to hide this. The file name ends in ".txt"
but the file name up to the null byte ends in ".exe". The
intention is that a virus scanner would skip this file because it
ends in ".txt" (a non-executable text file), but that
the ".exe" would be seen (an executable program file) if the
file were clicked, and so the file would be executed.
Testing this on my machine, my virus scanner (Kaspersky)
nevertheless flags the ".zip" file as containing a virus, but this
depends on the particular virus scanner and its settings.
I suggest that zipfile.py should terminate file names at a null
byte as InfoZip does.

Date | User | Action | Args
2007-08-23 14:13:56 | admin | link | issue755031 messages
2007-08-23 14:13:56 | admin | create |
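
The check discussed in the message above, as an added example that is not part of the original tracker message or of zipfile.py: it reads entry names straight from the zip central directory and reports any that contain a null byte, together with the name as it reads when terminated at that byte. The function names and the sample archive are constructed for illustration; ZIP64 and multi-disk archives are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end of central directory record
CDH_SIG = b"PK\x01\x02"   # central directory file header


def raw_entry_names(data: bytes) -> list:
    """Return file names exactly as stored in the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # Fields: sig, disk, cd_disk, entries_on_disk, entries, cd_size, cd_offset, comment_len
    _, _, _, _, count, _, cd_offset, _ = struct.unpack_from("<4s4H2LH", data, eocd)
    names, pos = [], cd_offset
    for _ in range(count):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("bad central directory header")
        # Name, extra and comment lengths sit at offset 28 of the 46-byte fixed header
        name_len, extra_len, comment_len = struct.unpack_from("<3H", data, pos + 28)
        names.append(data[pos + 46:pos + 46 + name_len])
        pos += 46 + name_len + extra_len + comment_len
    return names


def find_nul_names(data: bytes) -> list:
    """Return (stored_name, name_up_to_NUL) for every entry whose name contains a NUL."""
    return [(n, n.split(b"\x00", 1)[0]) for n in raw_entry_names(data) if b"\x00" in n]


def build_sample() -> bytes:
    """Constructed sample: harmless entries, one with a NUL patched into its stored name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.exe_.txt", b"harmless test data")
        zf.writestr("notes.txt", b"plain entry")
    # Same-length replacement keeps every offset and length field valid
    return buf.getvalue().replace(b"report.exe_.txt", b"report.exe\x00.txt")


if __name__ == "__main__":
    for stored, visible in find_nul_names(build_sample()):
        print(f"suspicious entry: stored name {stored!r}, name up to NUL {visible!r}")
```

A scanner or mail gateway can apply the same comparison to decide by the extension before the null byte rather than the one at the end of the stored name.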