On 2/6/14, 7:54 AM, Douglas Goddard wrote:
Looking at the original file and what was uploaded to VT, this signature is
the md5sum of 43180 null bytes. While I would say this is definitely
Junk.Corrupted, it's not malicious. I'll drop it.
Thanks for the report.
There's more you should do (and maybe you have). Verify the sender is who you
think it is by asking them. Spoofing From: addresses is trivial. Ask if they can
explain the null byte file - this can act as a heads up for them to explore
their environment security. It may all be innocent or a simple error, or not. It
may have been a probe of your defenses by a drone.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
