[Esd-l] Palyh worm
Andy Feldt
feldt at nhn.ou.edu
Tue May 20 14:03:15 PDT 2003
> --On Tuesday, May 20, 2003 3:31 PM -0400 Dan Doucette
> <ddoucette at redlon-johnson.com> wrote:
>
> > Should this be added?
>
> Don't know, hence my post. Hopefully John will sound off on this soon.
>
> The articles indicate that Windoze executes the file no matter the extension,
> so it may be that extension-based blocking won't help in this case.
>
> I vaguely recalled something about scanning file content for the magic
> executable header, and found code in the Sanitizer that checks UUE files
> specifically. But .pi still looks like it might be an issue.
All of the messages we have received had a Content-Type 'name' with the full
'.pif' extension and a Content-Disposition 'filename' with the '.pi'
extension. They were all caught by the Sanitizer.
---
Andy Feldt
Senior System Support Programmer
Affiliate Assistant Professor
Department of Physics and Astronomy
The University of Oklahoma
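
The check described in this message (look at both the Content-Type 'name' and the Content-Disposition 'filename'), together with the magic-header scan mentioned in the quoted text, as an added Python example that is not part of the original post and is not the Sanitizer's code. The blocklist, the function names and the sample message are constructed assumptions.

```python
import email
import os
from email.utils import collapse_rfc2231_value

# Assumed blocklist for illustration; not the Sanitizer's own list.
BLOCKED_EXTS = {".pif", ".scr", ".exe", ".com", ".bat"}

# Constructed sample: 'name' carries .pif, 'filename' is cut to .pi,
# and the payload is 12 bytes that begin with the "MZ" magic.
SAMPLE = (
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nSee attachment.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="document.pif"\r\n'
    b'Content-Disposition: attachment; filename="document.pi"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"TVqQAAMAAAAEAAAA\r\n--b1--\r\n"
)

def ext(name):
    """Lower-cased extension, ignoring trailing dots and spaces."""
    return os.path.splitext(name.lower().rstrip(". "))[1] if name else ""

def inspect_message(raw):
    """Return (name, filename, reasons) for every named MIME part."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        names = {
            "name": part.get_param("name"),  # from Content-Type
            "filename": part.get_param("filename", header="content-disposition"),
        }
        names = {k: collapse_rfc2231_value(v) for k, v in names.items() if v}
        if not names:
            continue
        # A blocked extension in EITHER parameter is enough to flag the part.
        reasons = [f"blocked extension in {k}" for k, v in names.items()
                   if ext(v) in BLOCKED_EXTS]
        if len({v.lower() for v in names.values()}) > 1:
            reasons.append("name/filename mismatch")
        # Content check that does not depend on any extension.
        if (part.get_payload(decode=True) or b"")[:2] == b"MZ":
            reasons.append("MZ executable header")
        findings.append((names.get("name"), names.get("filename"), reasons))
    return findings
```

A filter that consulted only the Content-Disposition 'filename' would see '.pi' here and pass the part; the 'name' parameter and the payload header are what flag it.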