[Esd-l] Hrmm. executable file in content-type audio/x-wav comes thru.

Philip Choy plchoy at income.com.sg
Sun Nov 11 19:30:01 PST 2001

Here is one more entire mime with truncated attached file - last time unless
there is more variants.. though unlikely. This pif file of 65.7kB came thru
the poisoned list containing *.pif.



Received: from interscan.cyberquote.com.sg (smtp.cyberquote.com.sg
 by phillip.com.sg (8.12.0.Beta16/8.12.0.Beta16) with SMTP id fAC2dLxc011564
 for <plchoy at income.com.sg>; Mon, 12 Nov 2001 10:39:21 +0800
Date: Mon, 12 Nov 2001 10:39:21 +0800
Message-Id: <200111120239.fAC2dLxc011564 at phillip.com.sg>
Received: from by interscan.cyberquote.com.sg (InterScan E-Mail
VirusWall NT); Mon, 12 Nov 2001 10:42:10 +0800
From: och at phillip.com.sg
Subject: We want peace
MIME-Version: 1.0
X-Security: MIME headers sanitized on mail
 See http://www.impsec.org/email-tools/procmail-security.html
 for details. $Revision: 1.130 $Date: 2001-09-08 11:40:29-07
Content-Type: multipart/mixed;

Content-Type: multipart/alternative;

Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<DEFANGED_iframe src=3Dcid:V550s78E height=3D0 width=3D0>
I'm sorry to do so,but it's helpless to say sorry.
I want a good job,I must support my parents.
Now you have seen my technical capabilities.
How much my year-salary now? NO more than $5,500.
What do you think of this fact?
Don't call my names,I have no hostility.
Can you help me?

Content-Type: audio/x-wav;
Content-Transfer-Encoding: base64
Content-ID: <V550s78E>


[ Trucated frm 65.7k junk file ]



----- Original Message -----
From: "John D. Hardin" <jhardin at impsec.org>
To: "Philip Choy" <plchoy at income.com.sg>
Cc: <Esd-l at spconnect.com>
Sent: 11-Nov-2001 2:14 AM
Subject: Re: [Esd-l] Hrmm. executable file in content-type audio/x-wav comes

> On Fri, 9 Nov 2001, Philip Choy wrote:
> > Content-Type: audio/x-wav; name=Vlusg.exe
> > Content-Transfer-Encoding: base64
> > Content-ID: <R0uIhO598>
> >
> > Hello. To my surprise, this executable file manages to go thru the
> > banned list. *.exe is in the poisoned list and exe is in mangle
> > list too. And, i m using the current version 1.1.130.
> >
> > Any solution?
> Are those *all* of the MIME headers for that attachment?
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/

More information about the esd-l mailing list