[AccessD] OT: Zip files (was Logic issue)

MartyConnelly martyconnelly at shaw.ca
Thu Aug 25 14:14:52 CDT 2005 

There used to be an old problem hiding ANSI bombs in ZIP files that 
executed on opening ZIP files with PKZIP.
I still have the code somewhere to do it. But MS patched the ANSI.SYS file.
I don't think anyone is still running unpatched DOS 3.2

Jim Lawrence wrote:

>Hi Lambert:
>
>In theory virus can be hidden within a ZIP file and virus scanning programs
>can not see them as a signature stream of values are required for virus
>identification. The compression algorithm of the ZIP alters that signature
>stream. Also some tricky code within a so called ZIP file can activate in
>the process of unzipping the ZIP file.
>
>But that can always be got around by simply sending your ZIP file named like
>MYZipFile.ZIP.txt. When on one contract this technique was used by the local
>IT people to slip ZIP files through the filters and then the first dot and
>extension were removed. The ZIP files were then unzipped in isolation and
>tested before being introduced on LAN
> 
>A little paranoid? You bet but at one government office, a couple of years
>ago, a BlasterWorm got in through a similar method and the result was that a
>couple of Ministries were down off and on for the better part of a month.
>Put a price tag on that incident.
>
>My two cents worth
>Jim
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Heenan, Lambert
>Sent: Thursday, August 25, 2005 8:58 AM
>To: 'Access Developers discussion and problem solving'
>Subject: RE: [AccessD] OT: Zip files (was Logic issue)
>
>IMHO it's caused by IT people who are too paranoid by far. They invest
>thousands on virus scanning software, keep updating the sig files every 24
>hours, but in the end they don't trust it to weed out the viruses coming at
>them via ZIP files. Rather than scanning the contents of ZIP files they
>blindly block them. Also, don't the realize that most (All?) antivirus
>programs can be set to scan files when they are opened and or written to
>disk? So even if a zip file does have a virus, the anti-virus package should
>kill it.
>
>Lambert
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Charlotte Foust
>Sent: Thursday, August 25, 2005 11:21 AM
>To: Access Developers discussion and problem solving
>Subject: RE: [AccessD] OT: Zip files (was Logic issue)
>
>
>Does anyone know what the logic is for blocking zip files?  I run into this
>occasionally and it drives me nuts!  You zip files to avoid the filters that
>won't accept an mdb, etc., and then you run into filters that won't accept
>the zip files.  Oops, Catch-22.  That drumming you hear is my head pounding
>against the wall ....
>
>Charlotte Foust
>
>
>-----Original Message-----
>From: John Clark [mailto:John.Clark at niagaracounty.com] 
>Sent: Thursday, August 25, 2005 5:08 AM
>To: accessd at databaseadvisors.com
>Subject: RE: [AccessD] Logic issue
>
>
>Yes Frank, I always like to checkout someone's ideas...I learn so much more
>than any book can teach. My address is john.clark at niagaracounty.com
>
>
>If this is a zip file, change the extention to something like .zp, because
>we block .zip files.
>
>John W. Clark
>Computer Programmer
>Niagara County
>Central Data Processing
>
>  
>
>>>>frank at fhsservices.co.uk 8/24/2005 5:21 PM >>>
>>>>        
>>>>
>Here's a different solution!
>If you have a checkbox for each title or position that can be applicable to
>each person represented through the database then, on the client form of any
>of people the list the checkboxes will indicate positives for the applicable
>option. So, Jack Jones can have the boxes ticked for Defence attorney,
>prosecuting attorney, Judge etc. etc. The final checkbox (no 9 on my sample)
>can be set to "Other" and have an associated textbox in the table which will
>only be displayed it no 9 is ticked and the text will be entered into the
>open, blank textbox for storage and later retrieval. The trick here is to
>combine the bit value of each checkbox to obtain a unique value for the
>combination of boxes ticked. I have a small database of the principle as a
>working example which I can forward to anybody who would like to see it. The
>AccessD list is limited to a 30K unit size and will not allow me to attach
>the sample to this text
>
>Kind regards,
> 
>Frank Hill
>
>Kind regards,
> 
>Frank Hill
>
> 
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com 
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of John Clark
>Sent: 24 August 2005 18:36
>To: accessd at databaseadvisors.com 
>Subject: [AccessD] Logic issue
>
>Hi all
>
>I am having trouble working out how I want to go about something, and I am
>hoping somebody here can give me a nudge. It doesn't sound difficult, but
>I'm running into dead-ends. I am starting to think that I will just have to
>go ahead and finish up with "whatever" and work around things.
>
>I am doing a project for a district attorney's office, and it will basically
>just keep tabs on everybody that passes through the system. The problem is
>though that there are "Defendants", defense lawyers, prosecuting lawyers,
>judges, and victims, and it isn't rare for a single person to cross into
>multiple lists. And, theoretically, it is possible to be in all lists. For
>instance there are many prosecuting lawyers that become defense attorneys,
>and it is not unlikely that one of these attorneys could be a judge in the
>future. That scenario is very possible, and you can add it that a lawyer is
>very able to be a victim, and hell, we all know they can be criminals ;)
>Another scenario that happens very frequently, is that a person is both a
>defendant and a victim. 
>
>I don't want the person entering data to scroll through hundreds, and
>eventually thousands, of names to pick an attorney's name from among the
>list of everybody else in the system.
>
>The idea I am working on presently is to add logical fields for each
>designation to the table of names. For instances:
>
>kNameID
>txtLastName
>txtFirstName
>txtMI
>txtSuffix
>logAttorney
>logADA
>logJudge
>logVictim
>logDefendant
>
>If I do this, I will have removed some fields that are currently there, such
>as:
>
>txtAddress1
>txtAddress2
>txtCity
>txtSt
>txtZip
>txtPhone
>
>And, I will put these in another linked table. There may be a need to have
>multiple addresses for the defendants, so this would be best I think.
>
>The problem that I am foreseeing here...I'm not at that point, so my fears
>could be unfounded...is setting these fields to true and/or false, as
>needed.  Basically, thinking of victims for a minute here, the defendant
>screen, which will actually be an "Indictment" screen, will have a subform
>to hold potentially many victims for the indictment. If a victim IS already
>in the system as something else, I will need to tag that name as a victim
>and I'm wondering if this will present difficulties.
>
>Well, I hope I am being clear enough. If anyone out there has any tips for
>me, I would greatly appreciate it if you would pass them along.
>
>Thank you!
>
>John W Clark
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada

More information about the AccessD mailing list