On 22.09.2016 at 12:32, Thomas Barth wrote:

On 22.09.2016 at 11:50, li...@rhsoft.net wrote:

On 22.09.2016 at 11:36, Benny Pedersen wrote:
On 2016-09-22 10:16, Thomas Barth wrote:

The content of the mail is:

--boundary_af9c8db46e1111b73fca8b315aafef01
Content-Type: application/x-zip-compressed; name="e6dfa16bdb.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="e6dfa16bdb.zip"

what's in this zip file?

malware as in all attachments from this type of spam, easy to detect
by clamd with sanesecurity signatures

I've installed clamav-unofficial-sigs by debian package. If this is not
working well enough I will try the installation I found here:
https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL

dunno - and it's off-topic here - we use our own scripts to update the signatures and that stuff is caught by http://sanesecurity.com/foxhole-databases/

may i ask why you put such an unfinished and in many ways untested setup in production?

I don't know what is in the zip file. I just have a compressed copy of
the mail. I tried to save the content of the zip boundary part in a zip
file but I get a loading error when opening the zip file.

what are you doing?

uncompress the mail and drag&drop the raw mail with .eml extension into Thunderbird, from where you can simply save the attachment instead of manually grabbing around in multipart mails

I suppose it contains a javascript file (name.pdf.js)

or .wsf/.exe/.jar and so on - they are changing all the time
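
Added example, not part of the original thread and not the posters' code: instead of hand-copying the base64 part, a MIME parser can decode the attachment and list the zip's member names without extracting anything. It assumes the "compressed copy" of the mail is gzip; the sample message, its file names and the helper names are constructed for illustration.

```python
import gzip, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread (.js, .wsf, .exe, .jar); extend as needed.
RISKY = (".js", ".wsf", ".exe", ".jar")

def load_raw_mail(data: bytes) -> EmailMessage:
    """Parse a raw message; gunzip first if it is a gzip-compressed copy."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    return message_from_bytes(data, policy=policy.default)

def list_zip_attachments(msg: EmailMessage) -> dict:
    """Map each zip attachment to [(member name, risky?)] without extracting."""
    report = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)  # undoes the base64 encoding
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        # namelist() only reads the archive directory; nothing is unpacked.
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            members = [(n, n.lower().endswith(RISKY)) for n in zf.namelist()]
        report[part.get_filename() or "unnamed"] = members
    return report

def build_sample() -> bytes:
    """Constructed sample: gzip-compressed mail whose zip holds a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("name.pdf.js", "// harmless placeholder\n")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="x-zip-compressed", filename="sample.zip")
    return gzip.compress(msg.as_bytes())

if __name__ == "__main__":
    report = list_zip_attachments(load_raw_mail(build_sample()))
    for name, members in report.items():
        for member, risky in members:
            print(f"{name}: {member}{'  <-- script/executable type' if risky else ''}")
```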
