[Esa-l]Re: URGENT - sample mail with vbs which passes your sanitizer

Murray Crane mcrane at longbridge.com
Thu May 10 09:37:09 PDT 2001

On Thu, 10 May 2001 06:50:23 -0700 (PDT), John D. Hardin wrote:

>Okay, folks, it looks like it is happening. This HOMEPG worm appears
>to be propagating as a TNEF attachment in some cases.
>The 1.0 sanitizer CANNOT sanitize this variant, as it does not peer
>into TNEF attachments.

Correct me if I'm wrong here, but turning on SECURITY_STRIP_MSTNEF will also prevent this particular avenue of attack, will it not?
Murray Crane
Longbridge International Plc

More information about the esd-l mailing list