nested .zip containing bad files not being caught

Peter Peters P.G.M.Peters at utwente.nl
Tue Jul 27 07:33:17 IST 2004


On Mon, 26 Jul 2004 20:58:08 +0200, you wrote:

>Can't help you but I can tell you we've received such a file today.
>The sender is supposed to be a noreply address at our domain but the
>real sender is a DSL address from an ISP.
>The name of the file is marcel at plusine.com.zip which goes through the
>scanner with no problem at all.
>Inside this zip file is another zipfile with the same name.
>Inside this zipfile is one file named :
>marcel at plusine.com.html                                     .com
>At the moment I'm not able to check this file since I don't have a
>scanner running at this ( Linux ) system.

I have received about a hundred of those. The one I tested didn't
trigger F-prot nor Symantec.

Most of the messages look like genuine bounce messages, but instead of an
attachment with the original headers the zip is the attachment.

--
Peter Peters, senior network administrator
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telephone: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
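
An added example, not part of the original post and not MailScanner's own code: a recursive check of the kind the sample in this thread calls for, opening nested zips and flagging member names that hide an executable extension behind whitespace padding. The extension list, depth limit and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows treats as executable (assumed list for this example).
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
PADDING = re.compile(r"\s{3,}")  # a run of whitespace inside a file name
MAX_DEPTH = 5                    # assumed limit on archive nesting


def scan_zip(data, depth=0, path=""):
    """Return (member_path, reason) findings for a zip supplied as bytes."""
    if depth > MAX_DEPTH:
        return [(path, "nesting too deep")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            member = f"{path}/{info.filename}" if path else info.filename
            name = info.filename.lower().rstrip()
            # The real extension is whatever follows the last dot.
            ext = name[name.rfind("."):] if "." in name else ""
            if PADDING.search(info.filename):
                findings.append((member, "whitespace padding in name"))
            if ext in EXECUTABLE_EXTS:
                findings.append((member, f"executable extension {ext}"))
            if info.flag_bits & 0x1:
                findings.append((member, "encrypted member, cannot inspect"))
                continue
            body = archive.read(info)
            # Recurse on content, not on the name: zips start with PK\x03\x04.
            if body[:4] == b"PK\x03\x04":
                findings.extend(scan_zip(body, depth + 1, member))
    return findings


def build_sample():
    """Constructed sample: outer zip -> inner zip -> padded double extension."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("user@example.com.html" + " " * 40 + ".com", b"harmless")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("user@example.com.zip", inner.getvalue())
    return outer.getvalue()
```
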
