[Esa-l]Re: URGENT - sample mail with vbs which passes your
sanitizer
Chris Smith
csmith at squiz.net
Thu May 10 15:54:14 PDT 2001
if ($ENV{"SECURITY_STRIP_MSTNEF"} && $hdrtxt =~
/^Content-Type:\s+application\/MS-TNEF/i) { #\
Will this part do it? (This is in 1.128)... It seems to strip the TNEF
attachment out (lines 719-728) & makes a security notice report.
Or am I missing something and need to switch something on somewhere else? :)
> On Thu, 10 May 2001 06:50:23 -0700 (PDT), John D. Hardin wrote:
> >Ouch.
> >
> >Okay, folks, it looks like it is happening. This HOMEPG worm appears
> >to be propagating as a TNEF attachment in some cases.
> >
> >The 1.0 sanitizer CANNOT sanitize this variant, as it does not peer
> >into TNEF attachments.
>
> John,
> Correct me if I'm wrong here, but turning on SECURITY_STRIP_MSTNEF will
> also prevent this particular avenue of attack, will it not? Murray Crane
> Sysadmin
> Longbridge International Plc
--
Chris Smith
http://www.squiz.net
More information about the esd-l
mailing list