[Esd-l] Sober.l is sneaking through.

John D. Hardin jhardin at impsec.org
Fri Feb 25 13:20:43 PST 2005

On Fri, 25 Feb 2005, Smart,Dan wrote:

> Sober.l E-mails with .zip attachments containing a .pif payload is
> sneaking by Sanitizer.  Not sure why.  *.pif is in my
> zipped_poison list.  I'm wondering if this worm has found a way to
> bypass the zip checking code.

Set DEBUG=Y and DEBUG_VERBOSE=Y and you should be able to see all the
nasty details of the scanning.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr at idiom.com>

More information about the esd-l mailing list