Re: Zip file virus??

John Small wrote:
My ISP has said they are restricting ZIP file email attachments because they can spread virii? And someone else has told me that their email provider also is restricting ZIP file attachments.

Restricting *.zip and other attachments has been SOP for many institutions and businesses for some time now. EG, my son-in-law administers a network that by default blocks and strips _all_ attachments from external mails. He has set an exception on his account's filter to allow *.jpgs from me to come through. As system admin, he can do this - the ordinary user of the network cannot set exceptions, but must make a case to my son-in-law or his superior to get permission for an exception.

Is it true that ZIP files are virus threats? 

Can a virus be spread by
  a) Simply downloading a ZIP file?

Yes, in the sense that you will have a compressed version of the virus on your system. Some viruses attach *.zips of themselves to outgoing mails, and sooner or later someone will open it, and another copy of the virus becomes active. Your question conflates spreading a virus and activating it.

b) Simply opening a ZIP file (NOT running an self-extracting arching)?

AFAIK, a virus can not be activated by simply decompressing an archive. But AFAIK starting an *.exe as soon as it's decompressed is relatively easy.

c) Running a self-extracting ZIP archive 

Yes, this will activate the virus if present in the archive.

d) Running executables (programs, macros, etc) found within the ZIP archive 

Yes, and  also if run from within the archive.

I would expect #3 and #4 but not #1 and #2.

With Windows, it's best to assume that anything is possible. Keep in mind that self-starting *.EXEs have been attached to all kinds of files, which is why you should, for example, be leery of opening *.WMVs, especially those cutesy jokes and senimental clips, etc, sent by well-meaning friends. Black hats have no shame. Set your AV software to scan all incoming attachments.

And if ZIP files are a virus threat, would not other archive formats be threats, too?

Yes, of course, but other archives are not as widely used. The vast majority of Windows users use Winzip.

FWIW, AVG on my system blocks at least 50% of incoming mails, if my sporadic awareness of its activity fly-out is any indication. I also see about a dozen mails a week that are "empty" - AVG has stripped something evil out of them. These are presumably mails not blocked by the ISP, since I find 20-30 spams a day in the spam folder when I go online to clean out my ISP-side mailbox. These are the "harmless" ones. The ISP does block an unknown number of mails absolutely, as well.

HTH
.

Relevant Pages

  • Re: Zip file virus??
    ... >> their email provider also is restricting ZIP file attachments. ... > attachments from external mails. ... >> Is it true that ZIP files are virus threats? ... > Yes, of course, but other archives are not as widely used. ...
    (comp.os.os2.misc)
  • Re: Zip file virus??
    ... > because they can spread virii? ... > their email provider also is restricting ZIP file attachments. ... > Is it true that ZIP files are virus threats? ...
    (comp.os.os2.misc)
  • Re: microsoft email virus
    ... VIRUS DETECTED! ... >No attachments are in this category. ... Also ask your mail server provider to block these mails. ...
    (microsoft.public.security.virus)
  • Re: every email I send has an attachment?
    ... found out about a virus that can spread without the user opening ... >> attachments. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Email virus
    ... I've run latest Norton check on my PC and it picks up ... and yet I'm getting mails from people I've never ... hotmail account is sending them mails with virus ... attachments. ...
    (microsoft.public.scripting.virus.discussion)