[Esd-l] Re: [Esa-l] Sanitizer rule for Novarg .ZIP attack
John D. Hardin
jhardin at impsec.org
Thu Jan 29 14:38:09 PST 2004
On Thu, 29 Jan 2004, Simon Matthews wrote:
> John, and others,
>
> I've seen a few copies of a variant that has no subject, no text (to be
> more accurate, it claims to have to have a section that uses Windows-1252
> charset, but it's empty), just a zip file attachment.
>
> Any suggestions on filtering? Anyone want to see a copy?
That's why I took out the subject test. The current local rule should
catch such variants.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
65 days until the Slovakian Presidential Election
More information about the esd-l
mailing list