[Esd-l] Confused: Catching .wup Files?

John D. Hardin jhardin at impsec.org
Wed Jan 8 13:48:01 PST 2003


On Wed, 8 Jan 2003, Kevin Hemenway wrote:

> Good day. The latest Sanitizer seems to be catching .wup files:
> 
>   X-Content-Security: [server] NOTIFY
>   X-Content-Security: [server] QUARANTINE
>   X-Content-Security: [server] REPORT: Trapped Windows executable attachment
> 
>   ------=_NextPart_000_0997_01C2B72E.AF79F820
>   Content-Type: application/octet-stream; name="tcupd.wup"
>   Content-Disposition: attachment; filename="tcupd.wup"
>   Content-Transfer-Encoding: base64
> 
> Anyway I can turn this off? I've got people complaining.

You may need to set up a whitelist and disable the Windows file magic
scanning for people you trust.

  :0
  * ^From:.*(trusted1|trusted2)@somedomain.com
  {
    SECURITY_POISON_WINEXE=
  }



--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   664 days until the Presidential Election



More information about the esd-l mailing list