[Esd-l] Attachment of application.pif was not stripped
John D. Hardin
jhardin at impsec.org
Sat Aug 23 07:47:36 PDT 2003
On Sat, 23 Aug 2003, Mike McCandless wrote:
> However, I'm confused about why the application.pif was not
> stripped by the Sanitizer. The user in question got plenty of
> other .pif attachments, which were successfully stripped by the
> Sanitizer. Any ideas?
The most likely possibility is that it's an older SoBig, one that
delivered the attack wrapped in a .ZIP file. Check the website for the
sample local-rules file that detects and quarantines this version.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
70 days until Matrix Revolutions
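
The case described in the reply above, as an added example that is not part of the original post and is not the Sanitizer's or its local-rules code: a check on MIME attachment names alone sees only the `.zip` name, so the archive's member names have to be inspected as well. The extension list, function names and sample messages are assumptions constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions treated as executable here (an assumption for this example,
# not the Sanitizer's own list).
BLOCKED_EXTS = (".pif", ".scr", ".exe", ".com", ".bat")

def blocked(name):
    return name.lower().endswith(BLOCKED_EXTS)

def scan_message(raw):
    """Return (attachment, zip_member, reason) findings for one raw message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        if blocked(name):
            findings.append((name, None, "blocked attachment name"))
        payload = part.get_payload(decode=True) or b""
        # Decide by content, not by the .zip extension, which the sender controls.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if blocked(info.filename):
                    findings.append((name, info.filename, "blocked name inside ZIP"))
    return findings

def zipped(member_name):
    """Constructed ZIP holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    return buf.getvalue()

def build_sample(attachment_name, data):
    """Constructed message carrying one attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("application.pif", b"placeholder")))
    print(scan_message(build_sample("application.zip", zipped("application.pif"))))
```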