[Esd-l] NOTICE: you probably should add *.CPL to your poison list

John D. Hardin jhardin at impsec.org
Wed May 5 09:51:23 PDT 2004

On Wed, 5 May 2004, Rob Landry wrote:

> Alas, several of our machines got infected Friday when the .cpl stuff
> started coming through.

Are you using the Windows Magic option? If so, did they get past that?

> Given that the wormmongers seem to be putting arbitrary suffixes
> on their payloads to get around filters such as Sanitizer, might
> it be time to switch to a system whereby all attachments are
> disallowed except those bearing an allowable suffix (.doc, .exe,
> .pdf, .mp3, etc)?


 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  Bush? Kerry? I'm so sick of our elections always being "choose the
  lesser of two evils."
   181 days until the Presidential Election

More information about the esd-l mailing list