On 24.02.2015 at 22:49, Alex Regan wrote:
for a few months I'm getting lots of Polish spam to one of my e-mail
addresses, sometimes a dozen per day. I have no idea what it's telling
me, I don't understand a single word. I just recognise characteristic
characters to know the language. Some messages have a .pl domain as
sender address, others not. The sending hosts have all kinds of TLDs.
Most messages have only a very short or empty body (a few words at
maximum). Almost all messages contain a .zip attachment, often named
like *_JPG.zip or *.pdf.zip. It doesn't seem to contain malware caught
by clamav, but I haven't looked into any of these archives yet.

I have a number of mime_header_checks rules that reject unwanted file
types. This can also be done with amavisd.

Does anyone know/think it would be a good idea to add ".pdf.zip" to the
mime types reject list? Has anyone seen a real example that wasn't a virus?

well, if I right-click on a PDF file on my KDE desktop, the context menu offers a simple option to compress it as a zip archive, resulting in origin-name.pdf.zip

here you go: http://sanesecurity.com/usage/signatures/
the zip is not the problem, the content is interesting

as already mentioned: http://sanesecurity.com/foxhole-databases/
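
The point made in the reply above (judge a .zip attachment by what it contains, not by its outer file name) can be illustrated with a short Python check. This is an added example, not code from the thread, Postfix, amavisd or Sanesecurity; the extension list, function names and sample messages are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed local policy: member extensions treated as executable content.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".jar", ".cpl", ".msi"}

def risky_members(zip_bytes):
    """Return the archive member names that policy would reject."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    hits = []
    for info in zf.infolist():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = info.filename.rstrip(" .")
        ext = os.path.splitext(name)[1].lower()
        if ext in RISKY_EXT:
            hits.append(info.filename)
        elif info.flag_bits & 0x1:  # encrypted member: content cannot be scanned
            hits.append(info.filename + " (encrypted)")
    return hits

def scan_message(raw):
    """Map each .zip attachment name to its list of rejected members."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".zip"):
            report[fname] = risky_members(part.get_content())
    return report

def build_sample(att_name, member):
    """Construct a test message with one zip attachment (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample bytes")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=att_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("holiday.pdf.zip", "holiday.pdf")))
    print(scan_message(build_sample("scan_JPG.zip", "scan_JPG.exe")))
```

A legitimately zipped PDF named `*.pdf.zip` passes, while an archive with the same kind of outer name but an executable member is reported.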


