nested .zip containing bad files not being caught
Peter Peters
P.G.M.Peters at utwente.nl
Tue Jul 27 07:33:17 IST 2004
On Mon, 26 Jul 2004 20:58:08 +0200, you wrote:
>Can't help you but I can tell you we've received such a file today.
>The sender is supposed to be a noreply address at our domain but the
>real sender is a DSL address from an ISP.
>The name of the file is marcel at plusine.com.zip which goes through the
>scanner with no problem at all.
>Inside this zip file is another zipfile with the same name.
>Inside this zipfile is one file named:
>marcel at plusine.com.html .com
>At the moment I'm not able to check this file since I don't have a
>scanner running at this ( Linux ) system.
I have received about a hundred of those. The one I tested didn't
trigger F-prot nor Symantec.
Most of the messages look like genuine bounce messages, but instead of an
attachment with the original headers, the zip is the attachment.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
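
Added example, not part of the original thread and not MailScanner code: a sketch of a check for the structure described above, which unpacks nested zips recursively and flags member names that pad or stack extensions in front of an executable one. The extension list, the depth limit and the sample file names are assumptions constructed for illustration.

```python
import io
import re
import zipfile
EXECUTABLE_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}  # illustrative subset
MAX_DEPTH = 5  # assumed limit: stop unpacking beyond this nesting level

def suspicious_name(name):
    """Return a reason if the member name looks like a disguised executable."""
    base = name.rsplit("/", 1)[-1]
    m = re.search(r"\.[A-Za-z0-9]{1,4}$", base)
    if not m or m.group(0).lower() not in EXECUTABLE_EXT:
        return None
    stem = base[:m.start()]
    if stem != stem.rstrip():
        return "whitespace padding before executable extension"
    if re.search(r"\.[A-Za-z0-9]{1,4}$", stem):
        return "double extension ending in executable type"
    return "executable extension"

def scan_zip(data, path="", depth=1):
    """Recursively walk zip bytes; return a list of (member path, reason)."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "unreadable archive")]
    with zf:
        for info in zf.infolist():
            inner = f"{path}/{info.filename}" if path else info.filename
            reason = suspicious_name(info.filename)
            if reason:
                findings.append((inner, reason))
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be checked
                findings.append((inner, "encrypted member, not inspected"))
                continue
            with zf.open(info) as fh:  # detect nested zips by magic bytes, not name
                nested = fh.read(4) == b"PK\x03\x04"
            if nested and depth >= MAX_DEPTH:
                findings.append((inner, "nesting too deep, not unpacked"))
            elif nested:
                findings.extend(scan_zip(zf.read(info), inner, depth + 1))
    return findings

def build_sample():  # constructed sample: zip -> zip -> padded ".html   .com" name
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("user@example.com.html" + " " * 8 + ".com", b"placeholder, no payload")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("user@example.com.zip", inner.getvalue())
    return outer.getvalue()
```

Calling scan_zip(build_sample()) reports the padded name inside the inner archive. A production filter would also cap info.file_size before reading a member, to bound decompression cost.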