oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) (12/05/90)
> abvax!iccgcc.decnet.ab.com!herrickd@uunet.UU.NET writes: >>>Does Authenticate Verification really do something that is not >>>subvertible? Forgive my skepticism. What does it say it does? > p1@rlyeh.wimsey.bc.ca (Rob Slade) writes: >>>Subject: ZIPping with -AV (PC) >>> oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) >>>suggests that files could be garanteed safe if the authors used the -AV >>>switch when ZIPping the files. What is to prevent anyone from infecting >>>the file, and then reZIPping the infected files ... with -AV on? >>>A genuine, authentic infection ... Well I forgot a few things. 1). PKZIP with -AV option is only available in the USA so only people with the USA version could ZIP files with this option. I don't know if PKUNZIP (overseas) can handle ZIP files that have the AV on. 2). The PKZIP that the VIRUS SCANNER author uses would be registered to him/her with his/her name and a unique Serial #. So even if someone unzipped the file and rezipped it with -AV option the name & serial number would be different. So you could tell if the zip file was tampered with even if it was without malicous intent. PS. The PKZIP -AV option is only available to REGISTERED USERS. Glenn.