[Esd-l] Problem with unmangling attachments

John D. Hardin jhardin at impsec.org
Mon Jun 3 15:39:00 PDT 2002

On Sun, 2 Jun 2002, Eric Kwant wrote:

> The mail system has detected that the following
> attachment may contain hazardous program code, is
> a suspicious file type, or has a suspicious file name.
> Do not trust it. Contact your system administrator immediately.
> X-Content-Security: [computer] original Content-Type was
> application/x-msdownload;
> Content-Type: application/octet-stream; name="AstroVideo.25811DEFANGED-exe"
> Content-Disposition: attachment; filename="AstroVideo.25811DEFANGED-exe"
> Content-Transfer-Encoding: base64
> AAAAEAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v

This is not just a mangled attachment, it is a poisoned attachment. It
should have been quarantined. Are you not using a quarantine? If you
are using a quarantine, check to see why it didn't get quarantined.

In order to fix this you need to edit the raw message. I *think* you
can coax Outlook into saving the raw message by saying File->Save As
when the message is displayed in a window. Then you need to edit the
message file and insert the MIME boundary line as described further
down (with an example) in the how-to-defang document.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   354 days until The Matrix Reloaded

More information about the esd-l mailing list