'Empty' zip files?
alex at nkpanama.com
Mon Aug 9 13:09:05 IST 2004
This message in particular "tripped" Norton Antivirus 2004 for Windows.
Scared the #@Ñ/)/!! out of me, since I haven't *ever* seen the antivirus pop
up and say it found something since I installed MS so many months ago.
I usually have to get rid of the "catch all double extensions" rule because
of clients who insist on being able to name their files whatever they want;
I guess this means I'll have to use rules to disallow "dot + three
characters + dot zip"...
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Remco Barendse
Sent: Monday, August 09, 2004 4:42 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: 'Empty' zip files?
Guess this is slightly off-topic but we are getting viruses with a zipfile
(in the form of usernamemydomainname.com.zip)
MailScanner traps these zip files because of filename rules. The strange
thing is however that MS is just reporting a filename problem and no
virus name. The zip file in /var/spool/MailScanner/quarantine has a file
size of 0 (that would explain why no virus was reported) but I think the
zip file may not be 0 size on every client.
When I look into the df/qf pair there is a considerable amount of
data in it that would be for the attachment.
Could there be something wrong with the mime decoder and would M$ Outlook
be able to decode it properly (which would potentially mean that we would
be vulnerable to the virus)?
I will paste the top part of the df file here:
This is a multi-part message in MIME format.
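
Added example, not part of the original thread and not MailScanner's own code: a Python sketch that applies the "dot + three characters + dot zip" filename rule discussed above to each attachment of a message and compares the encoded size found in the queue data with the size after MIME decoding. The regex, the helper names and every attachment name except the one quoted in the thread are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Assumed reading of the rule from the thread: ".", three characters, ".zip" at end of name.
DOT3_ZIP = re.compile(r"\.[a-z0-9]{3}\.zip$", re.IGNORECASE)


def build_sample():
    """Constructed test message with three small attachments (harmless dummy bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    for name in ("usernamemydomainname.com.zip", "report.zip", "backup.old.zip"):
        msg.add_attachment(b"constructed test bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def audit(raw_bytes):
    """Return one dict per attachment: name, rule hit, encoded and decoded sizes."""
    rows = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:                      # container parts and the text body
            continue
        encoded = part.get_payload()      # transfer-encoded text, as in the queue data file
        decoded = part.get_payload(decode=True) or b""
        rows.append({
            "filename": name,
            "rule_hit": bool(DOT3_ZIP.search(name)),
            "encoded_len": len("".join(encoded.split())),
            "decoded_len": len(decoded),
            # data present in the queue file but nothing extracted: inspect by hand
            "size_mismatch": bool(encoded.strip()) and len(decoded) == 0,
        })
    return rows


if __name__ == "__main__":
    for row in audit(build_sample()):
        print(row)
```

The third attachment shows the cost of the rule: a legitimately named `backup.old.zip` is blocked along with the address-shaped name.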