rshearin Posted April 27, 2004 Share Posted April 27, 2004 The spam has no attatchments, my anti-virus software, Symantec, shows no viruses, yet, when I try to submit a small but growing number of spam, Spamcop ends its analysis of it with these words in red, look like a virus, do not submit viruses for reporting, nothing to do. It is as though the spammers have figured some way to fool your server into mistaking it for a virus. Any Ideas ? Link to comment Share on other sites More sharing options...
dra007 Posted April 27, 2004 Share Posted April 27, 2004 I have seen a few of those, but if you want help, post an example so experts can analyze it! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 27, 2004 Share Posted April 27, 2004 Not all virus sent messages contain the attached file to propagate the virus. Not saying this is what is happening here, but it is a possibility. I don't know how spamcop determines that a message "looks like a virus". Link to comment Share on other sites More sharing options...
Farelf Posted April 28, 2004 Share Posted April 28, 2004 Attachments are not mandatory, the payload may appear as just another part provided for in the type="multipart/alternative"; of the Content-Type: declaration. There's a Netsky variant with the "If the message will not displayed automatically, follow the link to read the delivered message." message which shows a link to your ISP but actually links back to the email which displays no attachment because it has its own Content-ID, instead of an "attachment" dispersal declaration: ------=_NextPart_000_001B_01C0CA80.6B015D10 Content-Type: audio/x-wav; name="message.scr" Content-Transfer-Encoding: base64 Content-ID:<031401Mfdab4$3f3dL780$73387018[at]57W81fa70Re> Symantec would have no trouble with my one I should think although they don't document the "no attachment" feature last time I looked. If a known variant can do it (function without an "attachment"), others that the VDs of a particular AV application haven't caught up with yet can too. Have you sent it to Symantec (their reporting facility)? And dra007 has been mentioning some self-opening type which do not have attachments. Sneaky little devils. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.