[Esd-l] Problem with unmangling attachments
John D. Hardin
jhardin at impsec.org
Mon Jun 3 15:39:00 PDT 2002
On Sun, 2 Jun 2002, Eric Kwant wrote:
> SECURITY WARNING!
>
> The mail system has detected that the following
> attachment may contain hazardous program code, is
> a suspicious file type, or has a suspicious file name.
> Do not trust it. Contact your system administrator immediately.
>
> X-Content-Security: [computer] original Content-Type was
> application/x-msdownload;
> Content-Type: application/octet-stream; name="AstroVideo.25811DEFANGED-exe"
> Content-Disposition: attachment; filename="AstroVideo.25811DEFANGED-exe"
> Content-Transfer-Encoding: base64
>
> TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAEAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
This is not just a mangled attachment, it is a poisoned attachment. It
should have been quarantined. Are you not using a quarantine? If you
are using a quarantine, check to see why it didn't get quarantined.
In order to fix this you need to edit the raw message. I *think* you
can coax Outlook into saving the raw message by saying File->Save As
when the message is displayed in a window. Then you need to edit the
message file and insert the MIME boundary line as described further
down (with an example) in the how-to-defang document.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"To disable the Internet to save EMI and Disney is the moral
equivalent of burning down the library of Alexandria to ensure the
livelihood of monastic scribes."
-- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
354 days until The Matrix Reloaded
More information about the esd-l
mailing list