[Esa-l] Magistr worm defanged but not caught
brett at lariat.org
Wed Aug 22 11:20:57 PDT 2001
Today, I received a copy of Magistr that was defanged but
not caught by John's filter (my own checker nabbed it later
in the process). Here's what I got (sans the attachment, of
course). Any ideas on how to match this with the sanitizer?
>Return-Path: <rpetrella at socal.rr.com>
>Received: from laxmls04.socal.rr.com (laxmls04.socal.rr.com [18.104.22.168])
> by lariat.org (8.9.3/8.9.3) with ESMTP id MAA18638
> for <brett at lariat.org>; Wed, 22 Aug 2001 12:04:09 -0600 (MDT)
>Received: from smtp-server.socal.rr.com (sc-24-165-88-218.socal.rr.com [22.214.171.124])
> by laxmls04.socal.rr.com (8.11.4/8.11.3) with SMTP id f7MI2fx17129;
> Wed, 22 Aug 2001 11:02:41 -0700 (PDT)
>Date: Wed, 22 Aug 2001 11:02:41 -0700 (PDT)
>Message-Id: <200108221802.f7MI2fx17129 at laxmls04.socal.rr.com>
>FROM: Richard Petrella <rpetrella at socal.rr.com>
>SUBJECT: February 1995 while working
>X-Mailer: Microsoft Outlook Express 5.00.2014.211
>X-Security: Warning! Do not open files attached to e-mail if you do not
> have an up-to-date virus protection program or did not expect to
> receive them. Even if the message is from someone you know, an
> attachment can contain a virus sent without his or her knowledge.
>His back, while performing his jobs duties. Tony immediately notified the store manager, at that time, Phil Martini. Phil told Tony to wait until he; Phil could get a relief man to replace him at the receiving door, some where between 10am- 11am. Tony returned to work 3 days later. He then asked me to recommend a good Chiropractor, and I gave him the name of Dr.X-Content-Security: [lariat.org] original Content-Type was image/gif;
>Content-Type: application/octet-stream; name="HPFLDR.18643DEFANGED-EXE"
>Content-Disposition: attachment; filename="HPFLDR.18643DEFANGED-EXE"
More information about the esd-l