On Thu, Sep 25, 2003 at 11:39:08PM -0700, Ross Boylan wrote: | I just received a MS upgrade worm that appears to have a complete | executable that's 0.1k. So the whole message is quite brief. Are you sure there was really an executable in that message? I've received quite a few similar messages, except there is absolutely no content in the .exe mime part. BTW, a rule like this in your mail system's mime header checks is quite effective against certain forms of trash : /^Content-Type: .*x-(?:wav|midi);.*\.exe\b/ DISCARD LookOut! exploit /^Content-Type: .*x-wav;.*\.txt\b/ DISCARD LookOut! exploit (this particular syntax is a pcre map in postfix (>= 2.0) mime_header_checks) -D -- A violent man entices his neighbor and leads him down a path that is not good. Proverbs 16:29 http://dman13.dyndns.org/~dman/
Attachment:
pgp8aSM1pAZjb.pgp
Description: PGP signature