[Esa-l] Poisoning "from" and subject line?

Dustin Ankeny dustin at heritageind.com
Thu Nov 30 11:56:14 PST 2000

I've been having some difficulty with the poisoned list, with viruses like
hybris (which does not have a standard exe/scr name, it has a list of names
randomly picked) so therefore hard to poison... but it always appears to be
sent from...

From: Hahaha <hahaha at sexyfun.net>

Or it always has a standard subject line of

Subject: Snowhite and the Seven Dwarfs - The REAL story!

Anyway getting to my point, could there also be poisoned list for the
subject line as well as the from field? (possibly others?)  I know this is
getting a little out there, but I believe that attachment names will be
getting a little more fluid or polymorphic as time goes on.  So any other
standard keys that virus/trojan writers give us, we should use against them.

Oh by the way, I have my current poisoned list here which has the hybris
names in it.

Thank you for your time,
Dustin Ankeny


More information about the esd-l mailing list