> -----Original Message-----
> From: Michael Scheidell [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2008 12:12 AM
> To: Bob Pierce; users@spamassassin.apache.org
> Subject: Re: UPS / FedEx spam with virus attached
>
> > From: Bob Pierce <[EMAIL PROTECTED]>
> > Date: Wed, 20 Aug 2008 16:53:35 -0500
> > To: <users@spamassassin.apache.org>
> > Subject: UPS / FedEx spam with virus attached
> >
> > We've been seeing lots of messages with contents similar to this:
> >
> > "Unfortunately we were not able to deliver postal package you
> > sent on July the 25 in time because the recipient's address is not
> > correct.
> > Please print out the invoice copy attached and collect the package at
> > our office."
> >
> > Of course the zip attachment contains a virus, and ClamAV does not seem
> > to be catching that either.
> >
> > Has anyone else been getting lots of these? If so, what are you doing to
> > block them?
>
> We use amavisd-new to quarantine any zip files with executables.
>
> Oh, the postal one is old. Watch for a new one. Journalists shot in Georgia.
> Password protected zip file. Password in email.
> Any user who goes through the trouble to unzip/put in password then click on
> executable deserves to get infected. (clamav can mark encrypted files as
> 'virus' if you edit the clamd.conf file)

Often these messages carry the very same encrypted zip file, so it may help to report the encrypted zip to the ClamAV database: they will mark the file as "encrypted virus" or something like that. I did so once some days ago and it worked. Not a blazing round-trip time, but nevertheless it did the job.

Giampaolo

> --
> Michael Scheidell, CTO
> SECNAP Network Security
> Winner 2008 Network Products Guide Hot Companies
> FreeBSD SpamAssassin Ports maintainer
>
> > Bob
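
The policy discussed in this thread (hold zip attachments that contain executables, and treat encrypted zips as suspect), sketched in Python as an added example; it is not amavisd-new's or ClamAV's code. The extension list, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions treated as executable; an assumed list, adjust to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags


def inspect_zip(data):
    """Return (verdict, reasons) for a ZIP attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "quarantine", ["not a readable zip archive"]
    reasons = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            # Member names stay readable even when the contents are encrypted.
            if name.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
                reasons.append("executable member: " + name)
            if info.flag_bits & ENCRYPTED_FLAG:
                reasons.append("encrypted member: " + name)
    return ("quarantine" if reasons else "pass"), reasons


def make_sample_zip(members, encrypted=False):
    """Build a constructed sample archive in memory (harmless placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted members, so set the flag bit by hand
        # in every central-directory header ("PK\x01\x02", flags at offset 8).
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= ENCRYPTED_FLAG
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    cases = ((["invoice.doc.exe"], False), (["video.exe"], True), (["report.txt"], False))
    for members, enc in cases:
        print(members, *inspect_zip(make_sample_zip(members, enc)))
```

Because the check reads only the archive's central directory, it needs no password and never extracts or runs a member.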