[Esd-l] Trapped poisoned executable

Paul Thomas paul at cuenet.com
Sun Jan 13 21:28:00 PST 2002


Hi, back again;)

I'm listed in my /etc/procmailrc/SECURITY_NOTIFY="" and since I've
upgraded to 1.33, the Sanitizer trapped a poisoned executable and
sent to me a copy of the message:

Our email gateway has detected that your message to
BlaBla msgid=<200201131212.g0DCC7v23151 at mail505.nifty.com>
MAY contain hazardous...
[snip]

REPORT: Trapped poisoned executable "ME_NUDE.MP3.scr"
.....

I looked in my quarantined file and found the quarantined mail
(I have quarantine enabled btw) was marked up by the Sanitizer
as:

X-Content-Security: [orbital.cuenet.com] REPORT: Trapped BadTrans worm -
see http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html

and the actual message has:

X-Content-Security: [orbital] original Content-Type was audio/x-wav;
Content-Type: application/octet-stream; name="ME_NUDE.MP3.30072DEFANGED-scr"
Content-ID: <EA4DMGBP9p>
Content-Transfer-Encoding: base64


I guess I'm not sure why one notice says badtrans and the other doesn't
or is it really badtrans at all. I happen to know the recipient and it
wouldn't be unusual for them to receive a nutty media file in the mail.

Thanks,

--Paul

--
"Yesterday's the past and tomorrow's the future. Today is a gift - which
is why they call it the present."
-Bill Keane


