CPCSysAdmin said:
Now, we are being overrun with infected zip files since the virus writers
know that support is directly built into XP. Ninety percent of our users
don't even need zip support. Our mail servers are being overpowered due
to the CPU resources required to unzip and inspect the attachments for
viral content. The zip features of XP are protected by 'Windows File
Protection' so one must edit SFC_OS.dll with a binary editor to disable
WFP to kill off zip support. What a nasty mess when attempting such a
solution out to a large domain not to mention the loss of system file
protection. Please don't tell me to simply run regsvr32 /u zipfldr.dll
as this won't do the job.
WE NEED A HOTFIX NOW WHICH PROVIDES ONE REGISTRY KEY TO
DISABLE ALL NATIVE SUPPORT FOR ZIP FILES AND FOLDERS.
Hi
Not exactly what you ask for, but try the script below that I have
created now. I think it for the most part should do the trick.
--------------------8<----------------------
' Disable the builtin zip support pretty good (but only as long
' as it is the default zip file handler). Note that it will not touch
' the registry part if a 3rd party zip manager has taken control
' over the .zip file extension.
'
' Author: Torgeir Bakken
' Date: 2004-03-06
'

' remove entry in Sendto for current user (this part of the script
' can only be run locally)
Set oShell = CreateObject("WScript.Shell")
oShell.Run "%comspec% /c del ""%USERPROFILE%\SendTo" _
    & "\Compressed (zipped) Folder.ZFSendToTarget""", 0, True

' To do the above for all users defined on a computer (in e.g.
' a GPO startup script), or remotely (using the admin share C$),
' see this post for a starting point:
'
' http://groups.google.com/[email protected]

' the following part can be run against a remote computer
' as well as locally, using WMI only.
Const HKLM = &H80000002
sComputer = "." ' use "." for local computer

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")

' get default value
oReg.GetStringValue HKLM, "SOFTWARE\Classes\.ZIP", "", sValue

If Not IsNull(sValue) Then
    If LCase(sValue) = "compressedfolder" Then
        ' prepare for launching regsvr32.exe /s when zip file is launched
        ' this will do nothing and will be silent.
        oReg.CreateKey HKLM, "SOFTWARE\Classes\dummyfile\shell\open\command"
        oReg.SetStringValue HKLM, _
            "SOFTWARE\Classes\dummyfile\shell\open\command", "", "regsvr32.exe /s"

        ' change the .zip handling and do some cleanup
        oReg.SetStringValue HKLM, "SOFTWARE\Classes\.ZIP", "", "dummyfile"
        oReg.DeleteValue HKLM, "SOFTWARE\Classes\.ZIP", "Content Type"
        oReg.DeleteValue HKLM, "SOFTWARE\Classes\.ZIP", "PerceivedType"
        oReg.DeleteValue HKLM, _
            "SOFTWARE\Classes\.ZIP\OpenWithProgids", "CompressedFolder"
        DeleteRegistryKey HKLM, "SOFTWARE\Classes\.ZIP\CompressedFolder"
        DeleteRegistryKey HKLM, "SOFTWARE\Classes\SystemFileAssociations\.zip"
    End If
End If

' Recursively delete a registry key and all of its subkeys
Sub DeleteRegistryKey(ByVal sHive, ByVal sKey)
    Dim aSubKeys, sSubKey, iRC
    On Error Resume Next
    iRC = oReg.EnumKey(sHive, sKey, aSubKeys)
    If iRC = 0 And IsArray(aSubKeys) Then
        For Each sSubKey In aSubKeys
            If Err.Number <> 0 Then
                Err.Clear
                Exit Sub
            End If
            DeleteRegistryKey sHive, sKey & "\" & sSubKey
        Next
    End If
    oReg.DeleteKey sHive, sKey
End Sub
--------------------8<----------------------
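
A read-only check for verifying the result across machines, added here as an example and not part of the original post: it reads the same registry values the script above writes, through the same StdRegProv WMI provider. The computer list and the ZipHandlerState function name are assumptions for illustration.

```vbscript
' Added example (not from the original post): report the .zip handler state.
Option Explicit
Const HKLM = &H80000002
Dim aComputers, sComputer
aComputers = Array(".")   ' constructed list; "." is the local computer

For Each sComputer In aComputers
    WScript.Echo sComputer & ": " & ZipHandlerState(sComputer)
Next

' Hypothetical helper: classify the .zip association on one computer
Function ZipHandlerState(ByVal sComputer)
    Dim oReg, sProgId, sCmd, iRC
    On Error Resume Next
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
        & sComputer & "\root\default:StdRegProv")
    If Err.Number <> 0 Then
        ZipHandlerState = "unreachable (" & Err.Description & ")"
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    ' Default value of .ZIP names the ProgID that handles zip files
    iRC = oReg.GetStringValue(HKLM, "SOFTWARE\Classes\.ZIP", "", sProgId)
    If iRC <> 0 Or IsNull(sProgId) Then
        ZipHandlerState = "no .zip association set"
        Exit Function
    End If

    Select Case LCase(sProgId)
        Case "compressedfolder"
            ZipHandlerState = "native zip support still the default handler"
        Case "dummyfile"
            ' Confirm the open command is the silent no-op the script wrote
            oReg.GetStringValue HKLM, _
                "SOFTWARE\Classes\dummyfile\shell\open\command", "", sCmd
            If IsNull(sCmd) Then sCmd = ""
            If LCase(sCmd) = "regsvr32.exe /s" Then
                ZipHandlerState = "disabled by script"
            Else
                ZipHandlerState = "dummyfile set, unexpected command: " & sCmd
            End If
        Case Else
            ZipHandlerState = "third-party handler: " & sProgId
    End Select
End Function
```

Run it with cscript.exe so each result prints as a console line instead of a message box.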