[Esd-l]
Re: [Esa-l] ALERT: new .ZIP worm uses multiple obfuscation
layers
John D. Hardin
jhardin at impsec.org
Fri Mar 12 19:31:19 PST 2004
On Sat, 13 Mar 2004, Torkil Zachariassen wrote:
> John D. Hardin wrote:
> >
> > You may want to add "*.html?" and "*.eml" and "*.msg" to your zipfile
> > poison list.
>
> Please add those for all of us.
I don't provide a default zipfile poison list (should I?) and the
semantics for the sanitizer poison list and the zipfile poison list
are slightly different.
> > This is getting annoying. I *so* do not want to recurse into zip
> > attachments.
>
> It is not annoying. It is a security threath, and as serious one.
>
> The options are to block zip or handle them recursivly.
True.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
22 days until the Slovakian Presidential Election
More information about the esd-l
mailing list