Update:0 byte attachments can't infect anyone. But they cause grief at the end user's desk. Unfortunately there's no easy way out of that.
I am getting lots of emails that appear to be viruses, following the same pattern as W32.Netsky.B, and this is my original reason for thinking it was a new variant of this virus.
The attachments are 0 bytes - so even if I was able to work out how to generate a signature, I couldn't!
Anyone any ideas on this? Could this be a new [broken] variant that is sending mails to my mail server, but not infecting me?
There are two possible reasons for empty attachments:
1. Not properly written AV software, which just removes bad content from mails but not the multipart it was sent in
2. Defective or not well written (are there any?) worms/virii
From my personal quarantine directory I can say that I get hit on (2) more often. In fact, even Symantec seems to have learned how to rewrite multipart MIME messages after they have been cleaned ;-)
You can't create (a reliable) signature for empty attachments IIRC. It _is_ possible to modify clamav in a way that it rejects empty attachments, but one may argue that this is just not clamav's job, as empty attachments are not a virus and therefore clamav is not responsible for that.
Thomas
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
