POP3:.ZIP
This signature detects e-mail attachments with the extension .zip received using POP3. This can indicate an incoming e-mail virus. Zip files are compressed files that can contain one or more executables. Attackers can compress malicious executables within a .zip file, tricking unsuspecting users into executing the file and infecting the system. Because Zip files are frequently used for non-malicious purposes, this signature can generate false positives. As a general network security precaution, ensure that all users are aware of the dangers of sending and receiving binary files in e-mail attachments.
Extended Description
A remote attacker could send a victim malicious code hidden in an e-mail with a ZIP attachment. The impact of such an attachment depends on use behavior and the behavior of the malicious code.
Short Name
POP3:EXT:DOT-ZIP
Severity
Warning
Recommended
False
Recommended Action
None
Category
POP3
Keywords
.ZIP
Release Date
07/28/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown