[Esd-l] Got a message that the cat dragged in, now what ?

John D. Hardin jhardin at impsec.org
Fri Sep 19 05:30:28 PDT 2003


On Fri, 19 Sep 2003, Tommy Lindqvist wrote:

> I can gzip a copy of the message after editing out a suitable
> portion of the virus (swen) in it, but I do not know where to
> send it.

Don't worry about disabling the content, I don't use Windows.

Please gzip the original raw message with all headers and mail it to
me.

Thanks!

> I do not even know if anyone besides me is interested in
> figuring out how the virus managed to get past the scanner.

I am.

> My first layman's guess would be that:
> 
> Content-Type: application/x-msdownload; name="Q179632.exe"
> Content-Disposition: attachment
> Content-Transfer-Encoding: base64
> 
> Is not recognized as a file.

That looks like an unremarkable MIME header. It should be detected.

> Any clues now what to do next?

I'd have to see the message.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
   3 days until Galileo is deorbited
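
The part headers quoted in the message above put the filename only in the Content-Type `name` parameter; the Content-Disposition line has no `filename`. As an added example (not part of the original message and not the sanitizer's own code), this Python check reads both parameters before matching the extension; the sample message, the `BLOCKED_EXT` list and the function names are assumptions made for the illustration.

```python
import email
from email.utils import collapse_rfc2231_value

# Constructed sample: only the three part headers come from the thread;
# addresses, boundary and the base64 body ("constructed") are made up.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/x-msdownload; name="Q179632.exe"
Content-Disposition: attachment
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

# Assumed policy list for this example only.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def declared_names(part):
    """Map each header that declares a filename for this part to that name."""
    found = {}
    for header, param in (("content-disposition", "filename"),
                          ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value is not None:
            # RFC 2231 encoded parameters come back as a tuple; flatten them.
            found[header] = collapse_rfc2231_value(value)
    return found

def flagged_parts(raw):
    """Return (content type, header, name) for each blocked attachment name."""
    hits = []
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        for header, name in declared_names(part).items():
            if name.lower().endswith(BLOCKED_EXT):
                hits.append((part.get_content_type(), header, name))
    return hits
```

On the sample, the only hit comes from the `content-type` header, which is why a filename check has to read both parameters.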


