A tool many of you may make find useful!

jim stephens jwsmail at jwsss.com
Sun Jun 28 19:03:49 CDT 2020 


On 6/28/2020 1:34 PM, Richard Pope via cctalk wrote:
> Will,
>     Ultimate Zip is showing that the file is empty. Hum! I have been 
> using Ultimate Zip for decades. Hum! I wounder what is going on! Could 
> someone please just send me the individual files to my email address?
> GOD Bless and Thanks,
> rich!
>
I used wget on the link.  To be sure I had the correct unarchiver, I 
used the file command and it was indicated to be a version 2 zip, and it 
opened with the EXE payloads and a text file just fine.

A lot of web scanner tools which scan web downloads will flag a zip file 
with exe file payloads because that's one of the simplest trojan 
vectors.  I'd recommend you try to email them with an emailer such as 
yahoo.  or use your own virus scan explicitly on the directory with the 
exe files (for those who succeed in downloading the package).

The simplest least bs and most on your own method for this is what I 
did.  The problem with trojans is so significant I can't really say 
there's a problem with the using more caution on these sorts of payloads.

Also, I suspect that someone who is having problems with the downloads 
to go to the cctech/cctalk list archive and use the link there if it 
comes up as an active link in the download and see if it's flagged 
there.  That is if the archiver doesn't obfuscate it.

To Dave, I had a tool that did this years ago (30?) which used a 
sophisticated shell script to create an index of md5 sums on the results 
of a find of every file in a tree to smoke out duplicates. I lost it, 
and have been wanting to write a python version with some other 
additions, such as a delta feature to be able to do the scans on a 
catch-up basis after an epoch scan.

I currently have an index I do on my nas systems which runs daily, and 
it could run a scan like this as well in case there were dupes daily as 
well.  Would also help save against bit rot.

thanks
Jim

On 6/28/2020 3:29 PM, Will Cooke via cctech wrote:
>>> On June 27, 2020 at 5:16 PM Richard Pope via cctech 
>>> <cctech at classiccmp.org> wrote:
>>>
>>> Dave,The file is empty.GOD Bless and Thanks,rich!
>>> On 6/27/2020 4:55 PM, Dave Dunfield via cctalk wrote:>
>> I downloaded the file on a Linux machine.  Chrome warned me that 
>> "this is file is not often downloaded and may be dangerous."  I 
>> opened the .zip file with xarchiver and found several .exe files and 
>> two .txt files.  Being Linux and those being win32 executables, I 
>> couldn't run them.
>>
>> Will
>>
>

More information about the cctech mailing list