[Esa-l] Magistr worm defanged but not caught

Brett Glass brett at lariat.org
Wed Aug 22 11:20:57 PDT 2001


Today, I received a copy of Magistr that was defanged but
not caught by John's filter (my own checker nabbed it later
in the process). Here's what I got (sans the attachment, of
course). Any ideas on how to match this with the sanitizer?

--Brett Glass

>Return-Path: <rpetrella at socal.rr.com>
>Received: from laxmls04.socal.rr.com (laxmls04.socal.rr.com [24.30.163.18])
>        by lariat.org (8.9.3/8.9.3) with ESMTP id MAA18638
>        for <brett at lariat.org>; Wed, 22 Aug 2001 12:04:09 -0600 (MDT)
>Received: from smtp-server.socal.rr.com (sc-24-165-88-218.socal.rr.com [24.165.88.218])
>        by laxmls04.socal.rr.com (8.11.4/8.11.3) with SMTP id f7MI2fx17129;
>        Wed, 22 Aug 2001 11:02:41 -0700 (PDT)
>Date: Wed, 22 Aug 2001 11:02:41 -0700 (PDT)
>Message-Id: <200108221802.f7MI2fx17129 at laxmls04.socal.rr.com>
>FROM: Richard Petrella <rpetrella at socal.rr.com>
>SUBJECT: February 1995 while working 
>X-MSMail-Priority: Normal
>X-Priority: 3
>X-Mailer: Microsoft Outlook Express 5.00.2014.211
>MIME-Version: 1.0
>X-Security: Warning! Do not open files attached to e-mail if you do not
>        have an up-to-date virus protection program or did not expect to
>        receive them. Even if the message is from someone you know, an
>        attachment can contain a virus sent without his or her knowledge.
>Content-Type: multipart/mixed;
>        boundary="----=_NextPart_000_00BC_01D9DF44.F3EF4450"
>Content-Transfer-Encoding: 7bit
>X-UIDL: a5a0dda0a277f850f1c40d5176c071ca
>
>His back, while performing his jobs duties. Tony immediately notified the store manager, at that time, Phil Martini. Phil told Tony to wait until he; Phil could get a relief man to replace him at the receiving door, some where between 10am- 11am. Tony returned to work 3 days later. He then asked me to recommend a good Chiropractor, and I gave him the name of Dr.X-Content-Security: [lariat.org] original Content-Type was image/gif;
>Content-Type: application/octet-stream; name="HPFLDR.18643DEFANGED-EXE"
>Content-Disposition: attachment; filename="HPFLDR.18643DEFANGED-EXE"


