[Esd-l] Confused: Catching .wup Files?

John D. Hardin jhardin at impsec.org
Thu Jan 9 12:42:00 PST 2003


On Thu, 9 Jan 2003, Kevin Hemenway wrote:

>  >    SECURITY_POISON_WINEXE=
> 
> So I've got this set system wide, and I'm using the
> nomacroscan version of the Sanitizer, but I still see:
> 
>   Checking document "Jan 21 2003 Seminar Notice.doc" for poisoning.
>   Checking document "Jan 21 2003 Seminar Notice.doc" for poisoning.
> 
> Is that normal?

Yes. The log messages indicate the document is being compared to the
poisoned filenames list.

POISON_WINEXE scans for Windows Executable byte strings rather than
checking the filename.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   663 days until the Presidential Election
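
The distinction drawn in the reply above, between checking a filename against a poisoned list and scanning content for Windows executable bytes, shown as an added example that is not part of the original message and not the Sanitizer's own code. The pattern list, the function names and the MZ/PE header test are assumptions standing in for the real checks; the sample attachments are constructed.

```python
import fnmatch
import struct

# Hypothetical poisoned-filename patterns (constructed, not the Sanitizer's list).
POISONED_NAMES = ["*.exe", "*.scr", "*.pif", "*.wup"]

def name_is_poisoned(filename):
    """Filename check: looks only at the attachment's name."""
    lowered = filename.lower()
    return any(fnmatch.fnmatch(lowered, pat) for pat in POISONED_NAMES)

def looks_like_winexe(data):
    """Content check: DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this is simply False.
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def check_attachment(filename, data):
    """Run both checks independently; return (name_hit, content_hit)."""
    return name_is_poisoned(filename), looks_like_winexe(data)

def make_pe_stub():
    """Constructed minimal byte string carrying MZ and PE signatures."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = struct.pack("<I", 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)

# Constructed attachments: a real-looking OLE2 document, an executable
# renamed to .doc, and a text file given an executable's name.
OLE2_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(56)
SAMPLES = [
    ("Jan 21 2003 Seminar Notice.doc", OLE2_DOC),
    ("notes.doc", make_pe_stub()),
    ("setup.exe", b"just some text"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        name_hit, content_hit = check_attachment(name, data)
        print(f"{name!r}: filename poisoned={name_hit}, winexe bytes={content_hit}")
```

The renamed executable passes the filename check and is caught only by the content scan, which is why the two checks are logged and configured separately.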


