Jump to content



Recommended Posts

The spam has no attatchments, my anti-virus software, Symantec, shows no viruses, yet, when I try to submit a small but growing number of spam, Spamcop ends its analysis of it with these words in red, look like a virus, do not submit viruses for reporting, nothing to do.

It is as though the spammers have figured some way to fool your server into mistaking it for a virus.

Any Ideas ?

Link to comment
Share on other sites

Attachments are not mandatory, the payload may appear as just another part provided for in the type="multipart/alternative"; of the Content-Type: declaration. There's a Netsky variant with the "If the message will not displayed automatically, follow the link to read the delivered message." message which shows a link to your ISP but actually links back to the email which displays no attachment because it has its own Content-ID, instead of an "attachment" dispersal declaration:


Content-Type: audio/x-wav;


Content-Transfer-Encoding: base64


Symantec would have no trouble with my one I should think although they don't document the "no attachment" feature last time I looked. If a known variant can do it (function without an "attachment"), others that the VDs of a particular AV application haven't caught up with yet can too. Have you sent it to Symantec (their reporting facility)?

And dra007 has been mentioning some self-opening type which do not have attachments. Sneaky little devils.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...