[clamav-users] ClamAV+exim: scanner finds not a single malware

Groach groachmail-stopspammingme at yahoo.com
Mon May 30 12:01:13 EDT 2016


Indeed.  Actually my thought/point was about the password protection 
aspect of the zip file hiding/encrypting whatever flavour of virus it 
holds within (to fool scanners).  Its true most educated people wont 
open them but not everyone is educated.  It only takes 1 numbskull  to 
be fooled and open it for it to be then sent out to god knows how many 
thousands.

I guess the art (and moral reasons) for sending viruses and spam out is 
lost on me anyway so I guess I have got no chance of understanding (or 
agreeing to) their choice of delivery methods.

Scourge of the earth, they are.


On 30/05/2016 17:32, Joel Esler (jesler) wrote:
> Users are so trained to not open those now, they are defeated, plus conviction of the file is pretty easy generically.
>
> The ones going around right now with the JavaScript inside of zip files are much more dynamic.
>
> --
> Joel Esler
> iPhone
>
> On May 30, 2016, at 11:17 AM, Groach <groachmail-stopspammingme at yahoo.com<mailto:groachmail-stopspammingme at yahoo.com>> wrote:
>
> Im quite surprised really.  It seems the logical thing to do to fool inbound mail AV scanners leaving onus on the naive/stupid (delete as applicable) end user.
>
>
>
> On 30/05/2016 16:48, Joel Esler (jesler) wrote:
> Haven't seen those in a couple years.   They were big in the late 90's.
>
> --
> Joel Esler
> iPhone
>
> On May 30, 2016, at 10:21 AM, Kris Deugau <kdeugau at vianet.ca<mailto:kdeugau at vianet.ca><mailto:kdeugau at vianet.ca>> wrote:
>
> Groach wrote:
> As a side note:  is anyone surprised a virus hasnt been released,
> embedded in a  'password protected' Zip file (to fool AV scans) with the
> body of the email sayuing something like "to fight against viruses and
> to protect you, it is password protected.  Your password is:  ABC123" ?
> That is bound to fool some users, aint it.  (Or has this already been
> done and I havent seen it)?
>
> I've seen a couple of those, although none recently.  I don't recall if
> I archived a copy for reference or not.
>
> -kgd
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml




More information about the clamav-users mailing list