[Mimedefang] quick heads up: tampered zip passes viruscheck

Jan Pieter Cornet johnpc at xs4all.nl
Thu Oct 21 20:36:24 EDT 2004


This came by on the clamav mailing list, and it went straight through
both of my virus scanners built into mimedefang:

http://www.xs4all.nl/~johnpc/eicar-hidden2.zip

It's a tampered .zip file which includes a copy of EICAR. You might
want to test how your virus scanners handle it. At least "zip" from
InfoZip unpacks it, albeit with a warning, producing a "real"
virus (EICAR).

It's possible to detect this with a bit of Archive::Zip prodding,
but it's too late for me to try that right now.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet


