|
Mime-Version: |
1.0 |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Mon, 28 Jan 2002 15:12:38 -0500 |
In-Reply-To: |
|
Content-Type: |
text/plain; charset="us-ascii"; format=flowed |
Reply-To: |
|
At 14:49 01/28/2002 Monday, Ahern, Shannon wrote:
>Had an interesting morning. One of my lists apparently got a virus
>attachment distributed to it. But, the list is already set to reject
>attachments. So we had to do some figuring to understand how that
>happened. And it seems this virus is clever enough to get past an
>attachment filter.
>
>This virus is sent as plain text, but has a SMTP command *inside* that
>text (begin 666) which causes Outlook (on the recipient's side) to
>assume this is an attachment, and separates out the bytes into a
>attachment file, which is the actual virus executable.
>
>So the recipient sees the incoming data as an attachment, and Outlook
>presents it to the reader as such, despite the fact that the email
>itself was merely plain text. So rejecting attachments doesn't solve the
>problem.
>I was looking in the archive and trying to find someone else's
>commentary on this, but I couldn't find anything.
YOURS is the *definitive* commentary.
As you said, it did not start off as an email attachment, but some MUA
decided to make it such :-(
>What I want to know is
>if there is some way I can filter messages for content (specifically
>that string that makes the virus be assembled into an attachment on the
>client machine), and remove this risk that way? I know I can use filter
>keywords to filter out specific users or ISPs, etc., but is there any
>way to filter for strings in the message body?
I think the best way of "filtering" is by using a different MUA and
educate your customers not to take candy, nor attachments, from strangers.
/Pete
|
|
|