[Esd-l] URG: Updated novarg local rule for sanitizer

Scott Taylor scott at dctchambers.com
Tue Jan 27 08:48:20 PST 2004

At 06:08 AM 01/27/2004, John D. Hardin wrote:
>Based on what made it through overnight I have updated the rule a bit.
>See the attachment or grab the recommended rules file.


>Unfortunately it seems to be using some random filenames, so I will be
>looking for signature strings in the base64 attachment body. Keying
>off the filename won't be enough.

Gee John, maybe it's time to write a full-fledged virus scanner.  How about 
unzipping the attachment and looking at it that way?  May be a bit resource 
intensive, but that's why servers keep getting bigger. ;)

>    67 days until the Slovakian Presidential Election

