[Esd-l] Catching email based on subject

John D. Hardin jhardin at impsec.org
Tue Jan 7 21:12:01 PST 2003

On Sun, 5 Jan 2003, Paul Ferwerda wrote:

> I realize that this is probably a really dumb question, but we've
> got email over SSL and we're getting email with the following
> sorts of headers which takes forever to download:

> X-Security: MIME headers sanitized on srv01.mxtabs.net

> Content-Description: SECURITY NOTICE SECURITY NOTICE: The mail system has
> removed a file attachment from this message. The attachment has been
> discarded. Please contact your system administrator for details. Filename:
> install.exe

I suggest you contact the postmaster at mxtabs.net and ask them to
quarantine messages with executable attachments rather than stripping
the attachment. That way you won't have to download the non-worm
"camouflage" attachments.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
   665 days until the Presidential Election

More information about the esd-l mailing list