[Esd-l] filter bypass HOW?

John D. Hardin jhardin at impsec.org
Fri Sep 28 18:26:01 PDT 2001


On Thu, 27 Sep 2001, Gerard MANNIG wrote:

> A 06:20 27/09/01 -0500, Sergio Cesar icrit:
> 
> >How can a users of Outlook send an ".dll" attachment that would bypass the
> >sanitizer if it is setup with the X-Security: sanitizer bypass  <pw> ???
> 
> - encyphering
> - splitting file ...

Not really, unless either changed the filename.

The standard answer for "how do I bypass the sanitizer" is "ZIP the
file".

This is (at least for now) a pretty good indication that it's not a
worm, and unzipping the file on your desktop system will give your A/V
software a chance to examine the contents.

Outlook and other Windows mail clients generally don't let you define
your own custom mail headers, so adding explicit bypass support is
only really useful to the postmaster.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1131 days until the Presidential Election



More information about the esd-l mailing list