On Wed, Aug 9, 2017 at 11:36 AM, Kris Deugau <[email protected]> wrote: > Joseph Brennan wrote: >> >> New one to me-- a phish came in with a .arj attachment. Pretty old >> format. We're going to block it, since I doubt anyone uses it this >> side of the 90s. > > > If you've still got the spample, check the content of that file. It's > probably a RAR archive.
Ha ha. It turns out to be a typo by the sender! This one was "Remittance_382922_pdf.arj". Someone else this morning got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip", which has to be the same spam. I base64-decoded the spample attachment, but neither unzip nor jar tf can open it, so I wonder what else the spammer did wrong. I'm done with this one. Next! -- Joseph Brennan Lead, Email and Systems Applications _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
