[Esd-l] Trapped poisoned Microsoft attachments?

John D. Hardin jhardin at impsec.org
Tue Feb 18 06:30:07 PST 2003


On Tue, 18 Feb 2003, Kenneth Porter wrote:

> > Actually, right now the cause is probably an embedded image or
> > external file reference, for which the default score is 99.
> 
> Until I was bound to bypass the scanner on all intra-company mail
> (too many people using Word to send all-text stuff) I was getting
> hits from documents that had the Word macro name "VirusProtection"
> in them with a max score, which I think was a viral fragment left
> after their machine had been cleaned from a prior infection.

Very likely.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
   93 days until The Matrix Reloaded


