I found this on the NTBUGTRAQ mailing list from a Michael Maloney. I don’t know the validity of this, but it seemed interesting enough to post. I would be interested in hearing whether or not this works.
“With the release of Beagle.H and Beagle.I, virus writers started enclosing the infected files within password protected ZIP files. This negated the ability of A/V software to view the enclosed file within.
I’ve found that the A/V software does see the file within the ZIP archive, but cannot process it because it does not recognize the extension. When the archive is password protected, the file enclosed receives a “+” character at the end of the extension (ie test.exe becomes test.exe+) Since the A/V software doesn’t recognize that kind of extension, it lets it pass thru.
I found that by adding the “+” character to file extensions that are blocked (.exe+, .cmd+, .vbs+ etc etc), the A/V software can now recognize that file extension and perform the necessary actions on it.
I’ve only tested this out on Norton Anti-Virus for Exchange V2.1, but it should work on the other A/V software programs.”