On Tue, 20 Jul 2004 at 14:31:03 -0400, henry j. mason wrote: > greetings clamav.users; > > i use clamav 0.70-4 on debian 3.0 stable/testing, with > amavisd-new-20030616. one of my customers has been complaining > of recieving what they claim are Worm.Bagle.AG emails, but > when they forward them to me, they contain nothing but an > image file with a number in it (the 'zip password', apparently) > and an *empty* unencrypted zip file. > > clamav has been catching lots of Worm.Bagle.AG, ever since it > has appeared on the scene, and this is the first real report > i have of anything slipping by it. of course, since the zip > files in all cases so far have been actually empty, this does > not represent a serious threat, just an annoyance. indeed, i'm > not sure how clamav can be expected to block something that > does not in fact contain a virus :> > > has anyone else encountered this? i can easily see a poorly > written virus sending out botched copies of itself.
That's right. We got many samples of messages generated by Worm.Bagle.AF.2 containing empty (0 B) zip files. > unfortunately i have yet to recieve a copy of this myself, so > all i have are forwards from outlook, which makes an ungodly > mess of the email itself. however, i can provide a sample if > anyone is interested. No, thanks :-) . We have got many. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
