[Mimedefang] Zip --> Zip --> PIF
David Eisner
cradle at umd.edu
Fri Feb 18 16:06:06 EST 2005
I just received an interesting virus. It's a fake bounce with an
attachment named letter.zip. It made it through mimedefang (2.49)
unscathed.
I unzipped letter.zip, which contained a single file, named . . .
letter.zip (kind of like Russian dolls).
I unzipped the interior letter.zip, which contained a Letter.pif. It
appears to be Win32.Mydoom.am (according to Kasperky.com):
http://www.viruslist.com/en/viruses/encyclopedia?virusid=74056
Am I correct that mimedefang will not recursively unzip files when
searching for harmful attachments?
-David
---------------------------------------------------------
D a v i d E i s n e r c r a d l e @ u m d . e d u
CALCE EPSC University of Maryland
More information about the MIMEDefang
mailing list