[Mimedefang] Zip --> Zip --> PIF

David Eisner cradle at umd.edu
Fri Feb 18 16:06:06 EST 2005

I just received an interesting virus.  It's a fake bounce with an
attachment named letter.zip.  It made it through mimedefang (2.49).

I unzipped letter.zip, which contained a single file, named . . .
letter.zip (kind of like Russian dolls).
I unzipped the interior letter.zip, which contained a Letter.pif.  It
appears to be Win32.Mydoom.am (according to Kaspersky.com):

Am I correct that mimedefang will not recursively unzip files when
searching for harmful attachments? 


D a v i d  E i s n e r        c r a d l e @ u m d . e d u   
CALCE EPSC                         University of Maryland    
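
An added example, not part of the original post and not MIMEDefang code: a Python sketch of recursive attachment inspection for the zip-inside-zip case described above, with depth and size caps so the scanner itself cannot be driven into unbounded unpacking. The extension list, limits and function names are assumptions, and the sample archive is constructed.

```python
import io
import os
import zipfile

# Assumptions for this sketch: block list and limits are illustrative values.
BAD_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
MAX_DEPTH = 4                    # archive levels opened, counting the outer one
MAX_MEMBER_BYTES = 10 * 2**20    # largest member we will inflate

def scan_zip(data, depth=0, path=""):
    """Return [(member path, reason)] for a zip held in bytes, following nested zips."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path or "<top>", "unreadable zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            # Windows ignores trailing dots/spaces, so strip them before testing.
            ext = os.path.splitext(info.filename.rstrip(" .").lower())[1]
            if ext in BAD_EXTS:
                findings.append((name, "blocked extension"))
            elif info.flag_bits & 0x1:
                findings.append((name, "encrypted, cannot inspect"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "too large to inspect"))
            else:
                body = zf.read(info)
                # Decide by content, not by name: a nested zip may be renamed.
                if body[:4] == b"PK\x03\x04":
                    if depth + 1 >= MAX_DEPTH:
                        findings.append((name, "nesting too deep"))
                    else:
                        findings.extend(scan_zip(body, depth + 1, name))
    return findings

def make_zip(members):
    """Build a zip in memory from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()

def sample():
    """Constructed stand-in for the message: letter.zip -> letter.zip -> Letter.pif."""
    inner = make_zip({"Letter.pif": b"placeholder bytes, not a real binary"})
    return make_zip({"letter.zip": inner})
```

Calling `scan_zip(sample())` reports the inner member as `letter.zip/Letter.pif`; a non-empty result is the signal to reject or quarantine the attachment.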
