[Esd-l] NOTICE: you probably should add *.CPL to your
poison list
John D. Hardin
jhardin at impsec.org
Wed May 5 09:51:23 PDT 2004
On Wed, 5 May 2004, Rob Landry wrote:
> Alas, several of our machines got infected Friday when the .cpl stuff
> started coming through.
Are you using the Windows Magic option? If so, did they get past that?
> Given that the wormmongers seem to be putting arbitrary suffixes
> on their payloads to get around filters such as Sanitizer, might
> it be time to switch to a system whereby all attachments are
> disallowed except those bearing an allowable suffix (.doc, .exe,
> .pdf, .mp3, etc)?
Probably...
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Bush? Kerry? I'm so sick of our elections always being "choose the
lesser of two evils."
-----------------------------------------------------------------------
181 days until the Presidential Election
More information about the esd-l
mailing list