[Mimedefang] arj file extension

Joseph Brennan brennan at columbia.edu
Wed Aug 9 13:16:05 EDT 2017

On Wed, Aug 9, 2017 at 11:36 AM, Kris Deugau <kdeugau at vianet.ca> wrote:
> Joseph Brennan wrote:
>> New one to me-- a phish came in with a .arj attachment. Pretty old
>> format. We're going to block it, since I doubt anyone uses it this
>> side of the 90s.
> If you've still got the spample, check the content of that file.  It's
> probably a RAR archive.

Ha ha. It turns out to be a typo by the sender!

This one was "Remittance_382922_pdf.arj". Someone else this morning
got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip",
which has to be the same spam.

I base64-decoded the spample attachment, but neither unzip nor jar tf
can open it, so I wonder what else the spammer did wrong. I'm done
with this one. Next!

Joseph Brennan
Lead, Email and Systems Applications

More information about the MIMEDefang mailing list