El lun, 25-10-2004 a las 11:25 +0200, Jan Pieter Cornet escribi�: > Hmm... curiously enough, I was made aware of another mabutu-A .zip > file that flew past the virus filters... however, the zipfile was > so heavily damaged that I needed "zip -FF" to extract anything (and > even then, the last 30k was missing, according to the info in the > zipfile). I didn't see any mention of the virus generating malformed > zip files, in the description of mabutu. > > Do you still have access to that email? Have you tried extracting > the attachment, and then unpacking it?
Yes. From Linux, using unzip, I can extract and unpack it with no errors at all. After doing so, I've run 'file *.scr' and it seems a correct executable Windows file. > Have you looked at the logfile > in detail to check wether the virus scanners have reported an error? > I my case, the virus scanners reported "this is a multipart zip archive". > No, it hasn't showed any error message... > I have yet to try to unpack and run this thing on evil empire > technology, though, so I have no idea if this was a real damaged virus > that could do no harm, of if it is a deliberate ploy by the virus to > bypass filtering (which would be the second way to bypass virusfilters > using modified zipfiles that I've come across in a short while). > I don't know why, but I've just tried to send me a copy of the infected message, and Mimedefang has blocked it properly now... McAfee hasn't updated its signature file since some days ago... I haven't touched any configuration file... Strange behaviour... Perhaps a mimedefang restart fixed it? I don't know... :-? At least, I can't reproduce the problem now... Greetings. -- David Mar�n Carre�o <[EMAIL PROTECTED]> Desarrollo y Recursos, S.L. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
