[Esd-l] Trapped poisoned executable
John D. Hardin
jhardin at impsec.org
Mon Jan 14 06:40:01 PST 2002
On Sun, 13 Jan 2002, Paul Thomas wrote:
> I guess I'm not sure why one notice says badstrans and the other
> doesn't or is it really badtrans at all. I happen to know the
> recipient and it wouldn't be unusual for them to receive a nutty
> media file in the mail.
If you've installed the recommended local-rules script, then there are
some signature-based checks for some specific common email worms.
That's where the notice about badtrans comes from.
If a signature-based rule doesn't identify the worm, then the generic
"poison *.SCR" rule traps the message and notifies you, but it can't
tell you which worm it is.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
5 days until Babylon 5: the Legend of the Rangers
More information about the esd-l
mailing list