Hi Alessandro, On Monday, 11. April 2016 16:38:15 Alessandro Briosi wrote: > This is what is detected: > Apr 11 14:36:28 mail amavis[31751]: (31751-01) p003 1 Content-Type: > multipart/mixed > Apr 11 14:36:28 mail amavis[31751]: (31751-01) p001 1/1 Content-Type: > text/plain, size: 564 B, name: > Apr 11 14:36:28 mail amavis[31751]: (31751-01) p002 1/2 Content-Type: > application/zip, size: 59784 B, name: documento_ > fatturaaccompagnatoria_.pdf.zip > > which seems pretty correct to me > > No white listing I can guess of. > If I unzip the file and rezip it, then send an identical mail the file > is blocked.
the problem here is that the .exe file is not unzipped correctly. I could reproduce the problem locally. We've received a similar sample virus six weeks ago and privately informed the perl Archive::Zip maintainer. He's currently looking into it. I'll keep you posted once there's an update on this. Cheers, Thomas
