Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!news.cs.indiana.edu!rutgers!bagate!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) Newsgroups: comp.virus Subject: Virus Scanning Products & PKZIP -AV Option. Message-ID: <0007.9012051525.AA15332@ubu.cert.sei.cmu.edu> Date: 4 Dec 90 21:07:00 GMT Sender: Virus Discussion List Lines: 30 Approved: krvw@sei.cmu.edu > abvax!iccgcc.decnet.ab.com!herrickd@uunet.UU.NET writes: >>>Does Authenticate Verification really do something that is not >>>subvertible? Forgive my skepticism. What does it say it does? > p1@rlyeh.wimsey.bc.ca (Rob Slade) writes: >>>Subject: ZIPping with -AV (PC) >>> oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) >>>suggests that files could be garanteed safe if the authors used the -AV >>>switch when ZIPping the files. What is to prevent anyone from infecting >>>the file, and then reZIPping the infected files ... with -AV on? >>>A genuine, authentic infection ... Well I forgot a few things. 1). PKZIP with -AV option is only available in the USA so only people with the USA version could ZIP files with this option. I don't know if PKUNZIP (overseas) can handle ZIP files that have the AV on. 2). The PKZIP that the VIRUS SCANNER author uses would be registered to him/her with his/her name and a unique Serial #. So even if someone unzipped the file and rezipped it with -AV option the name & serial number would be different. So you could tell if the zip file was tampered with even if it was without malicous intent. PS. The PKZIP -AV option is only available to REGISTERED USERS. Glenn. Brought to you by Super Global Mega Corp .com