On 22.09.2016 at 12:32, Thomas Barth wrote:
On 22.09.2016 at 11:50, li...@rhsoft.net wrote:
On 22.09.2016 at 11:36, Benny Pedersen wrote:
On 2016-09-22 10:16, Thomas Barth wrote:
The content of the mail is:
--boundary_af9c8db46e1111b73fca8b315aafef01
Content-Type: application/x-zip-compressed; name="e6dfa16bdb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="e6dfa16bdb.zip"
what's in this zip file?
malware as in all attachments from this type of spam, easy to detect
by clamd with sanesecurity signatures
I've installed clamav-unofficial-sigs by debian package. If this is not
working well enough I will try the installation I found here:
https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL
dunno - and it's off-topic here - we use own scripts to update the
signatures and that stuff is caught by
http://sanesecurity.com/foxhole-databases/
may i ask why you put such an unfinished and in many ways untested setup
in production?
I don't know what is in the zip file. I just have a compressed copy of
the mail. I tried to save the content of the zip boundary part in a zip
file but I get a loading error when opening the zip file.
what are you doing?
uncompress the mail and drag&drop the raw-mail with .eml extension in
Thunderbird from where you can simply save the attachment instead of
manually grabbing around in multipart-mails
I suppose it contains a JavaScript file (name.pdf.js)
or .wsf/.exe/.jar and so on - they are changing all the time
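
Added example, not part of the original thread: a way to look inside such an attachment without a mail client, by parsing the raw mail, decoding the base64 part and listing the zip's member names without extracting them. The function names, the sample mail and its file names are constructed for illustration.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

RISKY_EXT = {".js", ".wsf", ".exe", ".jar"}  # extensions named in the thread


def build_sample_eml() -> bytes:
    """Constructed sample mail: base64 zip attachment with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("name.pdf.js", "// constructed placeholder\n")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="x-zip-compressed", filename="sample.zip")
    return msg.as_bytes()


def list_zip_attachments(raw_mail: bytes):
    """Return (attachment name, member name, risky?) without extracting anything."""
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or part.get_filename() is None:
            continue
        # decode=True undoes Content-Transfer-Encoding: base64; saving the raw
        # boundary text as .zip skips this step and gives an unreadable file.
        payload = part.get_payload(decode=True)
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():  # central directory only, no extraction
                ext = os.path.splitext(info.filename.lower())[1]
                findings.append((part.get_filename(), info.filename, ext in RISKY_EXT))
    return findings


if __name__ == "__main__":
    for att, member, risky in list_zip_attachments(build_sample_eml()):
        print(f"{att}: {member} {'<-- script/executable extension' if risky else ''}")
```
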