[Esd-l] Trapped poisoned executable

Paul Thomas paul at cuenet.com
Sun Jan 13 21:28:00 PST 2002

Hi, back again;)

I'm listed in me /etc/procmailrc/SECURITY_NOTIFY="" and since I've
upgraded to 1.33, the Sanitizer trapped a poisoned executable and
sent to me a copy of the message:

Our email gateway has detected that your message to
BlaBla msgid=<200201131212.g0DCC7v23151 at mail505.nifty.com>
MAY contain hazardous...

REPORT: Trapped poisoned executable "ME_NUDE.MP3.scr"

I looked in my quaratined file and found the quarantined mail
(I have quaratine enabled btw) was marked up by the Sanitizer

X-Content-Security: [orbital.cuenet.com] REPORT: Trapped BadTrans worm -
see htt

and the actual message has:

X-Content-Security: [orbital] original Content-Type was audio/x-wav;
Content-Type: application/octet-stream; name="ME_NUDE.MP3.30072DEFANGED-scr"
Content-ID: <EA4DMGBP9p>
Content-Transfer-Encoding: base64

I guess I'm not sure why one notice says badstrans and the other doesn't
or is it really badtrans at all. I happen to know the recipient and it
wouldn't be unusual for them to receive a nutty media file in the mail.



"Yesterday's the past and tomorrow's the future. Today is a gift - which
is why they call it the present."
-Bill Keane

More information about the esd-l mailing list