gnupg encrypted mail and malware/spam

Johan Wevers
Mon May 12 04:00:33 2003

Graham wrote:

> Encrypted code cannot be executed automatically,

Virusses that encrypt themselves with a random key and precede with
decryption code existed already in the late 1980's. If the method used isn't
known to the virus scanner you can't detect it, and it will at least fool
some heuristic scanners that scan for code that copies itself. However,
self-modifying code can be another trigger that's something is wrong. But
then, UPX and pklite packed executables might trigger an alarm too.

ir. J.C.A. Wevers         //  Physics and science fiction site:   //
PGP/GPG public keys at