[Esd-l] Palyh worm

Andy Feldt feldt at nhn.ou.edu
Tue May 20 14:03:15 PDT 2003

> --On Tuesday, May 20, 2003 3:31 PM -0400 Dan Doucette
> <ddoucette at redlon-johnson.com> wrote:
> > Should this be added?
> Don't know, hence my post. Hopefully John will sound off on this soon.
> The articles indicate that Windoze executes the file no matter the extension,
> so it may be that extension-based blocking won't help in this case.
> I vaguely recalled something about scanning file content for the magic
> executable header, and found code in the Sanitizer that checks UUE files
> specifically. But .pi still looks like it might be an issue.

All of the messages we have received had a Content-Type 'name' with the full
'.pif' extension and a Content-Disposition 'filename' with the '.pi'
extension. They were all caught by the Sanitizer.

Andy Feldt
Senior System Support Programmer
Affiliate Assistant Professor
Department of Physics and Astronomy
The University of Oklahoma
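
An added example, not part of the original post and not the Sanitizer's own code: a Python check that reads both the Content-Type 'name' and the Content-Disposition 'filename' of each MIME part, flags a blocked or mismatched extension, and also tests the decoded content for the "MZ" executable header mentioned in the quoted text. The blocklist, the function name `check_message` and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email.utils import collapse_rfc2231_value

# Assumed blocklist for this example; not the Sanitizer's actual list.
BLOCKED_EXT = {".pif", ".exe", ".scr", ".bat", ".com"}

# Constructed sample: name and filename disagree; the body decodes to bytes starting "MZ".
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/octet-stream; name="document.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="document.pi"

TVqQAAMAAAA=
--b1--
"""

def check_message(raw):
    """Return (code, detail) findings for every leaf MIME part."""
    findings = []
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        # Read both places a mail client may take the attachment name from.
        raw_names = [part.get_param("name"),
                     part.get_param("filename", header="content-disposition")]
        names = [collapse_rfc2231_value(n) for n in raw_names if n is not None]
        exts = [os.path.splitext(n.lower())[1] for n in names]
        for n, e in zip(names, exts):
            if e in BLOCKED_EXT:
                findings.append(("blocked-ext", n))
        if len(set(exts)) > 1:
            findings.append(("name-mismatch", " vs ".join(names)))
        # Content check that does not depend on either name.
        if (part.get_payload(decode=True) or b"")[:2] == b"MZ":
            findings.append(("mz-header", names[-1] if names else "(unnamed)"))
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

With the 'name' parameter removed from the sample, only the content check fires, which is the case the quoted concern about '.pi' describes.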
