[Esd-l] Fw: .com file which passed thru the sanityzer
John D. Hardin
jhardin at impsec.org
Mon Nov 24 12:56:22 PST 2003

On Mon, 24 Nov 2003, Juan Maria Gil wrote:
> Hi,
>
> Today we have received some emails from a security test sent to us by SecurityMetrics,
> every one of the executables was sanitized but one.
> These are the significant parts of this message:
>
> Subject: [raq550] Nessus antivirus test 4: broken MIME attachment (ISO encoding)

It's probably the encoding of the filename. The sanitizer isn't up to
speed on some of the more esoteric formats.

> --=-=-=
> Content-Disposition: attachment;
> filename="eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=
> =?ISO-8859-1?Q?m?="

Yup, that's it. The sanitizer does not currently understand that
complex an encoding.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"To disable the Internet to save EMI and Disney is the moral
equivalent of burning down the library of Alexandria to ensure the
livelihood of monastic scribes."
-- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
23 days until The Return of the King
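
The check the reply says the sanitizer lacks, as an added example (not code from the sanitizer or from this thread): decode the RFC 2047 encoded-words in the filename parameter, dropping the whitespace between adjacent encoded-words, before testing the extension. The blocked-extension list and the function names are assumptions made for illustration.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header

# Assumed policy list for illustration; not the sanitizer's actual list.
BLOCKED_EXTENSIONS = {"bat", "com", "exe", "pif", "scr"}

# Constructed from the header quoted in the message (folded across two lines).
SAMPLE_FILENAME = 'eicar.=?ISO-8859-1?Q?c?= =?ISO-8859-1?Q?o?=\n =?ISO-8859-1?Q?m?='


def decode_filename(raw):
    """Return the filename a mail client would show after RFC 2047 decoding."""
    parts = []
    # decode_header() also drops whitespace between adjacent encoded-words.
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        parts.append(chunk)
    # Remove control characters (including folding newlines) from the result.
    return re.sub(r"[\x00-\x1f\x7f]", "", "".join(parts)).strip()


def extension(name):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    name = name.rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def is_blocked(raw_filename):
    """Check both the raw and the decoded form; either one matching is a hit."""
    try:
        names = (raw_filename, decode_filename(raw_filename))
    except HeaderParseError:
        return True  # fail closed when an encoded-word cannot be decoded
    return any(extension(n) in BLOCKED_EXTENSIONS for n in names)


if __name__ == "__main__":
    print("raw extension matches policy:", extension(SAMPLE_FILENAME) in BLOCKED_EXTENSIONS)
    print("decoded name:", decode_filename(SAMPLE_FILENAME))
    print("blocked after decoding:", is_blocked(SAMPLE_FILENAME))
```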