[this post was rejected on Bugtraq. I just sent this to Hotmail through the "Contact us" page, but I am not sure it will ever reach the right person]

I signaled this some months ago on VULN-DEV, and it is not fixed yet.

The test:
- create the "A.zip" archive with eicar.com (or a real nasty code) in it.
- create "B.zip" with "A.zip" in it.

Send both to some Hotmail account.

Try to download A.zip. McAfee will tell you that it contains a virus and must be cleaned. The download fails because "there is no cure available for the virus on the file A.zip" (cleaning a test file does not make much sense :)

You were warned: "Not all viruses can be cured. Your file will not be downloaded unless a cure is successful."

Now try to download B.zip. The download will succeed and McAfee says that the file was cleaned. However, the "double" archive still contains eicar.

I tried with Magister, BTW, and I got the same behaviour.

Note that the user has to launch the virus/worm/whatever. However, if you create self-extractor archives, this works too: A.exe is blocked, B.exe is _supposed_ to be cleaned. If you run B.exe, it can run automatically A.exe which can run the virus.

IMHO, a wrong feeling of security is worse than no security at all.

AFAIK, this is not a bug in McAfee, but in its implementation at Hotmail. On the same "double" archive, Yahoo sent an odd error message but did not say it was cleaned.
This archive was generated by hypermail 2b30 : Fri Dec 21 2001 - 09:24:45 PST
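
Added example, not part of the original post and not Hotmail's or McAfee's code: a minimal attachment check that recurses into nested zip archives and fails closed, so the B.zip case above gets the same verdict as A.zip. The marker substring stands in for a real signature engine, and the names scan, verdict, make_zip, MAX_DEPTH and MAX_MEMBER are assumptions made for this sketch.

```python
import io
import zipfile

# Substring of the EICAR test file, used here in place of a real signature engine.
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
MAX_DEPTH = 5            # assumed policy: deeper nesting is reported, never passed
MAX_MEMBER = 10_000_000  # assumed cap on a member's declared uncompressed size


def scan(data, name, depth=0):
    """Return (path, reason) findings for a blob and every archive nested in it."""
    findings = [(name, "signature")] if MARKER in data else []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "nesting too deep")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    findings.append((path, "encrypted"))
                elif info.file_size > MAX_MEMBER:
                    findings.append((path, "member too large"))
                else:
                    findings += scan(zf.read(info), path, depth + 1)
    except Exception as exc:  # any unpacking error counts as a finding
        findings.append((name, f"unreadable: {exc}"))
    return findings


def verdict(data, name):
    """Fail closed: one finding anywhere in the tree blocks the whole attachment."""
    return "block" if scan(data, name) else "allow"


def make_zip(members):
    """Build an in-memory zip from {filename: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


if __name__ == "__main__":
    a_zip = make_zip({"eicar.com": b"constructed sample " + MARKER})
    b_zip = make_zip({"A.zip": a_zip})
    print(verdict(a_zip, "A.zip"), scan(b_zip, "B.zip"))
```

The verdict is computed over the whole tree and never reports a container as cleaned while a flagged member is still inside it, which is the behaviour the post describes for B.zip.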