[Esd-l] Trapped poisoned executable

John D. Hardin jhardin at impsec.org
Mon Jan 14 06:40:01 PST 2002


On Sun, 13 Jan 2002, Paul Thomas wrote:

> I guess I'm not sure why one notice says badstrans and the other
> doesn't or is it really badtrans at all. I happen to know the
> recipient and it wouldn't be unusual for them to receive a nutty
> media file in the mail.

If you've installed the recommended local-rules script, then there are
some signature-based checks for some specific common email worms.
That's where the notice about badtrans comes from.

If a signature-based rule doesn't identify the worm, then the generic
"poison *.SCR" rule traps the message and notifies you, but it can't
tell you which worm it is.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Monty Python's Star Trek Voyager:
  A successful trans-warp experiment turns Paris and Janeway into
  newts, but they get better.
  ...wait a minute... It's already been done...
-----------------------------------------------------------------------
   5 days until Babylon 5: the Legend of the Rangers



More information about the esd-l mailing list