Virus?

[rshearin]

The spam has no attatchments, my anti-virus software, Symantec, shows no viruses, yet, when I try to submit a small but growing number of spam, Spamcop ends its analysis of it with these words in red, look like a virus, do not submit viruses for reporting, nothing to do.

It is as though the spammers have figured some way to fool your server into mistaking it for a virus.

Any Ideas ?

[dra007]

I have seen a few of those, but if you want help, post an example so experts can analyze it!

[StevenUnderwood]

Not all virus sent messages contain the attached file to propagate the virus. Not saying this is what is happening here, but it is a possibility. I don't know how spamcop determines that a message "looks like a virus".

[Farelf]

Attachments are not mandatory, the payload may appear as just another part provided for in the type="multipart/alternative"; of the Content-Type: declaration. There's a Netsky variant with the "If the message will not displayed automatically, follow the link to read the delivered message." message which shows a link to your ISP but actually links back to the email which displays no attachment because it has its own Content-ID, instead of an "attachment" dispersal declaration:

------=_NextPart_000_001B_01C0CA80.6B015D10

Content-Type: audio/x-wav;

        name="message.scr"

Content-Transfer-Encoding: base64

Content-ID:<031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re>

Symantec would have no trouble with my one I should think although they don't document the "no attachment" feature last time I looked. If a known variant can do it (function without an "attachment"), others that the VDs of a particular AV application haven't caught up with yet can too. Have you sent it to Symantec (their reporting facility)?

And dra007 has been mentioning some self-opening type which do not have attachments. Sneaky little devils.