[Esd-l] Re: [Esa-l] ALERT: new .ZIP worm uses multiple obfuscation layers
Yves Agostini
agostini at univ-metz.fr
Sat Mar 13 01:07:39 PST 2004
One workaround could be to mangle zip files with html files ...
> On Sat, 13 Mar 2004, Torkil Zachariassen wrote:
>
> > John D. Hardin wrote:
> > >
> > > You may want to add "*.html?" and "*.eml" and "*.msg" to your zipfile
> > > poison list.
> >
> > Please add those for all of us.
>
> I don't provide a default zipfile poison list (should I?) and the
> semantics for the sanitizer poison list and the zipfile poison list
> are slightly different.
>
> > > This is getting annoying. I *so* do not want to recurse into zip
> > > attachments.
> >
> > It is not annoying. It is a security threat, and a serious one.
> >
> > The options are to block zip or handle them recursively.
>
> True.
>
> --
> John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
> jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
> key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
> does quite what I want. I wish Christopher Robin was here."
> -- Peter da Silva in a.s.r
> -----------------------------------------------------------------------
> 22 days until the Slovakian Presidential Election
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
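
The "handle them recursively" option from the thread, as an added example that is not code from the sanitizer or from anyone in this thread: it checks zip member names against a poison list and descends into nested zips with nesting and size limits. The regex pattern syntax, the limits, and all function and sample names are assumptions made for this illustration.

```python
import io
import re
import zipfile

# Assumed poison patterns, written as Python regexes (not the sanitizer's syntax).
POISON = [re.compile(p, re.I) for p in (r"\.html?$", r"\.eml$", r"\.msg$")]
MAX_DEPTH = 3                # assumed limit on archive nesting
MAX_MEMBER_BYTES = 1 << 20   # assumed limit: never inflate a member over 1 MiB


def scan_zip(data, depth=0, prefix=""):
    """Return poisoned member paths (and unscannable members) in a zip given as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable zip>"]
    findings = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Member names are readable even when the content is encrypted.
            if any(p.search(info.filename) for p in POISON):
                findings.append(path)
            if not info.filename.lower().endswith(".zip"):
                continue
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted or depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                findings.append(path + " <nested zip not scanned>")
            else:
                findings.extend(scan_zip(zf.read(info), depth + 1, path + "!"))
    return findings


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: a poisoned name at the top level and one inside a nested zip.
INNER = make_zip({"details.htm": b"<html></html>"})
SAMPLE = make_zip({"notes.txt": b"hi", "message.eml": b"x", "inner.zip": INNER})

if __name__ == "__main__":
    for hit in scan_zip(SAMPLE):
        print(hit)
```

A nested archive that is encrypted, too deep or too large is reported rather than silently passed, so the caller can treat "could not inspect" the same way as a poisoned name.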