Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
- Subject: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- Date: Thu Mar 24 03:30:16 2005
> -----Original Message----- > From: full-disclosure-admin@xxxxxxxxxxxxxxxx > [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of > Brown, Nicholas > Sent: Friday, 21 November 2003 3:48 a.m. > To: full-disclosure@xxxxxxxxxxxxxxxx > Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES > > Bojan Zdrnja Wrote: > ... > >That is why you should implement content blocking at your e-mail server. > >There is absolutely no reason to allow .scr files to go around. If you had > >this blocked, it would stop MiMail-I without AV updates. > >Also, note that this attachment has double extension, which should also be > >automatically blocked. > ... > > It should be pointed out that blocking files with multiple extensions is > not good idea, as this would interfere with lots of legitimate, > non-executeable file types, such as .tar.gz. Agreed (although - most users will send Windows attachments ;-). Anyway, for that purpose, a regular expression like: \.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com) Will do it. Amavisd-new has a nice default example for this. Regards, Bojan Zdrnja
- Follow-Ups:
- [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- From: Nick FitzGerald
- [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- References:
- [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- From: Brown, Nicholas
- [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- Prev by Date: [Full-Disclosure] Remote root exploit for mod_gzip (with debug_mode)
- Next by Date: [Full-Disclosure] .hta virus analysys
- Previous by thread: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- Next by thread: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- Index(es):