[Esd-l] Hrmm. executable file in content-type audio/x-wav comes thru.

Philip Choy plchoy at income.com.sg
Sun Nov 11 18:17:01 PST 2001 

Here is the entire mime copied with source header trimmed partially. And, I
noticed that the attached file tends to be zero ie empty. I suppose that
Interscan at Cyberquote did the trucating of this file, or did a poor job of
it?

Phil.

------
Received: from interscan.cyberquote.com.sg (smtp.cyberquote.com.sg
[10.1.20.52])
 by phillip.com.sg (8.12.0.Beta16/8.12.0.Beta16) with SMTP id fAC1Hfxc015672
 for <plchoy at income.com.sg>; Mon, 12 Nov 2001 09:17:41 +0800
Date: Mon, 12 Nov 2001 09:17:41 +0800
Message-Id: <200111120117.fAC1Hfxc015672 at phillip.com.sg>
Received: from 10.88.94.87 by interscan.cyberquote.com.sg (InterScan E-Mail
VirusWall NT); Mon, 12 Nov 2001 09:20:31 +0800
From: nicsum at phillip.com.sg
Subject:
MIME-Version: 1.0
X-Security: MIME headers sanitized on mail
 See http://www.impsec.org/email-tools/procmail-security.html
 for details. $Revision: 1.130 $Date: 2001-09-08 11:40:29-07
Content-Type: multipart/mixed;
 boundary="------------InterScan_NT_MIME_Boundary"
Status:

--------------InterScan_NT_MIME_Boundary
Content-Type: multipart/alternative; boundary=X1V53X380827m82o08616iYW78a4L

--X1V53X380827m82o08616iYW78a4L
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<DEFANGED_iframe src=3Dcid:Nl73J2651X729e height=3D0 width=3D0>
</iframe>
<!--
I'm sorry to do so,but it's helpless to say sorry.
I want a good job,I must support my parents.
Now you have seen my technical capabilities.
How much my year-salary now? NO more than $5,500.
What do you think of this fact?
Don't call my names,I have no hostility.
Can you help me?
-->
</BODY></HTML>

--X1V53X380827m82o08616iYW78a4L
Content-Type: audio/x-wav;
 name=Rqxr.exe
Content-Transfer-Encoding: base64
Content-ID: <Nl73J2651X729e>


--X1V53X380827m82o08616iYW78a4L--


--------------InterScan_NT_MIME_Boundary--


----- Original Message -----
From: "John D. Hardin" <jhardin at impsec.org>
To: "Philip Choy" <plchoy at income.com.sg>
Cc: <Esd-l at spconnect.com>
Sent: 11-Nov-2001 2:14 AM
Subject: Re: [Esd-l] Hrmm. executable file in content-type audio/x-wav comes
thru.


> On Fri, 9 Nov 2001, Philip Choy wrote:
> > Content-Type: audio/x-wav; name=Vlusg.exe
> > Content-Transfer-Encoding: base64
> > Content-ID: <R0uIhO598>
> >
> > Hello. To my surprise, this executable file manages to go thru the
> > banned list. *.exe is in the poisoned list and exe is in mangle
> > list too. And, i m using the current version 1.1.130.
> >
> > Any solution?
>
> Are those *all* of the MIME headers for that attachment?
>
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/

More information about the esd-l mailing list