Am 22.09.2016 um 12:32 schrieb Thomas Barth:

Am 22.09.2016 um 11:50 schrieb

Am 22.09.2016 um 11:36 schrieb Benny Pedersen:
On 2016-09-22 10:16, Thomas Barth wrote:

The content of the mail is:

Content-Type: application/x-zip-compressed; name=""
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=""

whats in this zip file?

malware as in all attachments from this type of spam, easily to detect
be clamd with sanesecurity signatures

I ve installed clamav-unofficial-sigs by debian package. If this is not
working good enough I will try the installation I found here:

dunno - and it's off-topic here - we use own scripts to update the signatures and that stuff is catched by

may i ask why you put such a unfinished and untested in many ways setup in production?

I dont know what is in the zip file. I just have a compressed copy of
the mail. I tried to save the  content of the zip boundary part in a zip
file but I get an loading error when opening the zip file.

what are you doing?

uncompress the mail and drag&drop the raw-mail with .eml extension in tunderbird from where you can simply save the attachment instead grab manually around in multipart-mails

I suppose it contains a javascript file (name.pdf.js)

or .wsf/.exe/.jar and so on - they are changing all the time

Reply via email to