[Esd-l] Re: [Esa-l] Warning: some .ZIP attacks not being trapped
John D. Hardin
jhardin at impsec.org
Mon Jul 26 21:57:06 PDT 2004
On Mon, 26 Jul 2004, John D. Hardin wrote:

> A couple of zipped worms just dropped into my mailbox. The base64
> encoding looks really odd, and may be explicitly crafted to bypass
> scanners, as it appears to exploit a weakness in the CPAN MIME::Base64
> module *and* the mimencode program. I am investigating.

I think I understand what's happening. I have a temporary workaround
in the devel code (1.144pre6) that requires you use the CPAN base64
module.

I will try to make it more elegant and try to make it work with
mimencode as well.

If you try the devel release, PLEASE let me know if any false
positives are trapped.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The [assault weapons] ban is the moral equivalent of banning red
cars because they look too fast.
-- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
49 days until the "Scary-Looking Guns" ban expires