[Esd-l] Trapped zip file logging
John D. Hardin
jhardin at impsec.org
Thu Mar 4 09:18:04 PST 2004
On Thu, 4 Mar 2004, Smart,Dan wrote:
> ================================================
> Checking ZIP archive "Info.zip" for poisoning.
> Decoding to "/tmp/mailchk.JyuzAS"
> Checking zipped "xvpol.exe"
> Trapped "xvpol.exe".
> ================================================
>
> Could the last line say something like "Trapped zipped executable "
Well, what if your zip poison list contains "*.zip" to block nested
ZIP archives? That's not an executable...
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
30 days until the Slovakian Presidential Election
More information about the esd-l
mailing list