FTP Based ZIP File Download Detection

Info Nessus Network Monitor Plugin ID 1195

Synopsis

PVS has detected a FTP transfer of a file compressed with the ZIP algorithm.

Description

PVS has detected a FTP transfer of a file compressed with the ZIP algorithm. This file may contain malicious code, but probably not a direct threat. However, if the host attempting the download is a web server, email server, or other server, this behavior may be indicative of a system compromise.

Solution

Deploy a FTP proxy and block all the downloads of files ending in .zip. In addition, ensure desktop computers have antivirus software.

Plugin Details

Severity: Info

ID: 1195

Family: FTP Clients

Published: 2004/08/20

Modified: 2015/12/04

Risk Information

Risk Factor: Info