[Esd-l] New compressed file extension

Simon Matthews simon at paxonet.com
Fri Jan 7 11:05:00 PST 2005

I just received a virus that used ".z" as the extension.

Inside was a file with a "many spaces".scr file.

How do I get the zip file scanning to include ".z"?


At 09:41 AM 1/7/05 -0800, John D. Hardin wrote:
>On Fri, 7 Jan 2005, Smart,Dan wrote:
> > Happy New Year John!
> > Since we are getting more and more Phishing emails with bogus
> > reply URLs, is (would) it be possible to mangle in such a way that
> > the URL is shown in Outlook, but cannot be executed?
>Hrm. That would mean *removing* the <A> tag, as unrecognized (mangled)
>tags are just ignored.
>...try editing a phishing message and changing the <A tag to
>something like _A (so that it's no longer a tag) and see if it looks
>usable. *that* sort of mangling wouldn't be too hard to do...
>Something like "<A" -> "Sanitized clickable link: " would be doable.
>What I don't want to do is build a complete HTML parser into the
> > Most of these show a "nice name" but the embedded URL doesn't
> > point there.
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
>  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>What nuts do with guns is terrible, certainly. But what evil or crazy
>people do with *anything* is not a valid argument for banning that item.
>                                   -- John C. Randolph <jcr at idiom.com>
>Esd-l mailing list
>Esd-l at spconnect.com
>******************Legal Disclaimer**************************
>"This email may contain confidential and privileged material for the sole 
>use of the intended recipient.  Any unauthorized review, use or 
>distribution by others is strictly prohibited.  If you have received the 
>message in error, please advise the sender by reply email and delete the 
>message. Thank you."

More information about the esd-l mailing list