Re: [Full-Disclosure] f-prot not catching mimail ?
- To: mike@sentex.net
- Subject: Re: [Full-Disclosure] f-prot not catching mimail ?
- From: psz@maths.usyd.edu.au
- Date: Mon, 4 Aug 2003 14:35:35 -0700
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6336.0">
<TITLE>Re: [Full-Disclosure] f-prot not catching mimail ?</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>>>I cannot see anything "special" in the MIME structure of Mimail that would<BR>
>>cause f-prot to miss the ZIP attachment (or maybe it is the structure of<BR>
>>the ZIP that f-prot cannot unpack?).<BR>
><BR>
> I was told it's the encoding scheme in the .html file that's the problem.<BR>
> Currently the scanner does not support that type of encoding.<BR>
<BR>
It seems to me that the HTML contains the binary EXE without any encoding:<BR>
<BR>
$ cat -v message.html | fold | head -5<BR>
MIME-Version: 1.0<BR>
Content-Location:<A HREF="File://foo.exe">File://foo.exe</A><BR>
Content-Transfer-Encoding: binary<BR>
<BR>
MZM-^P^@^C^@^@^@^D^@^@^@M-^?M-^?^@^@M-8^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@<BR>
<BR>
Regardless, f-prot should list the ZIP attachment, and the files contained<BR>
within the ZIP ...<BR>
<BR>
Cheers,<BR>
<BR>
Paul Szabo - psz@maths.usyd.edu.au <A HREF="http://www.maths.usyd.edu.au:8000/u/psz/">http://www.maths.usyd.edu.au:8000/u/psz/</A><BR>
School of Mathematics and Statistics University of Sydney 2006 Australia<BR>
_______________________________________________<BR>
Full-Disclosure - We believe in it.<BR>
Charter: <A HREF="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</A><BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
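A scanner-side check for what the reply above observes: a MIME part declared `Content-Transfer-Encoding: binary` whose body begins with a raw `MZ` executable header. This is an added example, not part of the original message and not f-prot's code; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct

# Header block of a MIME part that declares an unencoded (binary) body.
BINARY_PART = re.compile(
    rb"Content-Transfer-Encoding:[ \t]*binary[ \t]*\r?\n"  # the declaring header
    rb"(?:[^\r\n]+\r?\n)*"                                   # any headers after it
    rb"\r?\n",                                               # blank line: body starts
    re.IGNORECASE,
)

def looks_like_pe(data: bytes, off: int) -> bool:
    """True if data[off:] is a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) - off < 0x40 or data[off:off + 2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    return data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0"

def find_raw_executables(data: bytes) -> list:
    """Offsets of binary-declared MIME bodies that parse as PE executables."""
    return [m.end() for m in BINARY_PART.finditer(data) if looks_like_pe(data, m.end())]

def constructed_stub() -> bytes:
    """Constructed sample: a 0x40-byte DOS header plus a PE signature, not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset of "PE\0\0"
    return bytes(dos) + b"PE\0\0" + bytes(20)

# Constructed inputs modelled on the header lines quoted in the message.
HEADERS = (b"MIME-Version: 1.0\r\n"
           b"Content-Location:File://foo.exe\r\n"
           b"Content-Transfer-Encoding: binary\r\n\r\n")
SUSPECT = HEADERS + constructed_stub()
BENIGN = HEADERS + b"GIF89a" + bytes(80)                        # binary part, not a PE
TEXT_MZ = HEADERS + b"MZ is only two letters here" + b" " * 64  # 'MZ' with no PE header

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("benign", BENIGN), ("text_mz", TEXT_MZ)):
        print(name, find_raw_executables(blob))
```

Checking `e_lfanew` as well as the two `MZ` bytes keeps the check from firing on binary parts or text that merely start with those letters.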