[Esd-l] Got a message that the cat dragged in, now what ?
John D. Hardin
jhardin at impsec.org
Fri Sep 19 05:30:28 PDT 2003
On Fri, 19 Sep 2003, Tommy Lindqvist wrote:
> I can gzip a copy of the message after editing out a suitable
> portion of the virii (swen) in it, but I do not know where to
> send it.
Don't worry about disabling the content, I don't use Windows.
Please gzip the original raw message with all headers and mail it to
me.
Thanks!
> I do not even know if anyone besides me is interested in
> figuring out how the virii managed to get past the scanner.
I am.
> My first layman's guess would be that:
>
> Content-Type: application/x-msdownload; name="Q179632.exe"
> Content-Disposition: attachment
> Content-Transfer-Encoding: base64
>
> Is not recognized as a file.
That looks like an unremarkable MIME header. It should be detected.
> Any clues now what to do next?
I'd have to see the message.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
-- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
3 days until Galileo is deorbited
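
The header quoted in this message carries the attachment name only in the Content-Type name= parameter, with no filename= on Content-Disposition. The following is an added example, not part of the original message and not the sanitizer's own code, showing a filename check that still sees such a part; the sample message, blocklists and function names are assumptions made for illustration.

```python
import email
import os

# Constructed sample: the part headers quoted in the message above, wrapped in
# a minimal multipart message. The base64 body is a harmless placeholder.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

hello
--BOUND
Content-Type: application/x-msdownload; name="Q179632.exe"
Content-Disposition: attachment
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUND--
"""

# Assumed policy values, for illustration only.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat"}
BLOCKED_TYPES = {"application/x-msdownload"}

def disposition_only_name(part):
    """Name as seen by a check that reads only Content-Disposition filename=."""
    return part.get_param("filename", header="content-disposition")

def scan(raw):
    """Return (name, reasons) for every leaf part that matches the policy."""
    findings = []
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type name= parameter
        # when Content-Disposition has no filename=.
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        reasons = []
        if ext in BLOCKED_EXTENSIONS:
            reasons.append("extension " + ext)
        if part.get_content_type() in BLOCKED_TYPES:
            reasons.append("type " + part.get_content_type())
        if reasons:
            findings.append((name, reasons))
    return findings
```

A check built on disposition_only_name() alone returns no name for this part, while scan() reports it on both the extension and the declared type.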