[Esd-l] Klez@ worm/virus
Hermann Wecke
hermann at rodeios.com
Thu Apr 18 14:54:02 PDT 2002
I think those headers below indicate messages that are infected with Klez at ...
As you can see, they are defanged but they were not trapped.
Is this the "normal" behavior (defange only for Content-Type = audio/x-wav
and extension = .exe - a fake extension) or I made any mistake on my 1.133
installation?
Thanks, Hermann
X-Content-Security: [mail.hermann.com.br] original Content-Type was
audio/x-wav;
Content-Type: application/octet-stream; name="href.13481DEFANGED-exe"
Content-ID: <Af3dgHX4824N90x0W7>
Content-Transfer-Encoding: base64
X-Content-Security: [mail.hermann.com.br] original Content-Type was
audio/x-midi;
Content-Type: application/octet-stream; name="Brasil..14642DEFANGED-exe"
Content-ID: <G3015G050qk6A6M>
Content-Transfer-Encoding: base64
X-Content-Security: [mail.hermann.com.br] original Content-Type was
audio/x-midi;
Content-Type: application/octet-stream;
name="btn_low_arrowr[1].18952DEFANGED-exe"
Content-ID: <Qj4Kj5K702n048>
Content-Transfer-Encoding: base64
More information about the esd-l
mailing list