Re: [Full-Disclosure] MyDoom-M evades attachment filters
- To: William Warren <hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] MyDoom-M evades attachment filters
- From: "lsi" <stuart@xxxxxxxxxxxxxx>
- Date: Thu, 29 Jul 2004 10:38:41 +0100
Err, Pegasus Mail :) (a free POP3 client)
Seriously..! When I get some time I plan to add the exe and zip
filters to SpamPal, which is a free Windows-based anti-spam POP3
proxy that supports multiline regular expressions. It has some virus-
specific base-64 sigs, but does not currently have the generic
detection made possible by the 10-byte MIME string quoted earlier.
After some research, this appears to be the earliest and most
comprehensive enunciation of the generic attachment filtering
approach: http://qmail.plig.org/qmail-smtpd-viruscan-1.3.patch
That route is for larger networks with their own MTA. I am shooting
at a client-side POP3 solution for end-users (such as me) - and maybe
a few small businesses here and there!
Spampal: http://www.spampal.org
Pegasus: http://www.pmail.com/
Stu
> what are you using for attachment filters? my astaro attachment
> filter is killing mydoom without one getting through.
>
> lsi wrote:
> > Since the first MyDoom (which appeared almost six months ago, to the
> > day) I have been nice and snug behind my executable attachment
> > filter. And my zipfile attachment filter. But then MyDoom-M slips
> > past ....
---
Stuart Udall
stuart at@xxxxxxxxxxxxxx net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192.168.0.2)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
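
Added example, not part of the original message and not code from SpamPal or the qmail patch: a content-based form of the generic exe/zip attachment check discussed above. The 10-byte MIME string is not quoted in this message, so this sketch decodes each MIME part and tests its leading magic bytes instead of matching base-64 text; the sample message, addresses and function names are constructed for illustration.

```python
import base64
import email
from email import policy

# Well-known leading bytes: DOS/PE executables start "MZ", zip archives "PK\x03\x04".
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip"}

def sniff(payload: bytes):
    """Return 'exe' or 'zip' if the decoded content starts with that magic, else None."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return None

def scan_message(raw: bytes):
    """List (declared filename, declared type, detected kind) for suspicious parts.

    The decision uses decoded content only, so a misleading filename or
    Content-Type does not let an executable or zip through.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        kind = sniff(body)
        if kind:
            hits.append((part.get_filename(), part.get_content_type(), kind))
    return hits

def build_sample() -> bytes:
    """Constructed test message: attachments whose names and types hide their content."""
    def part(ctype, name, data):
        return [f'Content-Type: {ctype}; name="{name}"',
                "Content-Transfer-Encoding: base64",
                f'Content-Disposition: attachment; filename="{name}"',
                "", base64.b64encode(data).decode("ascii")]
    lines = ["From: a@example.invalid", "Subject: constructed sample",
             "MIME-Version: 1.0",
             'Content-Type: multipart/mixed; boundary="B0"', "",
             "--B0", "Content-Type: text/plain", "", "hello",
             "--B0", *part("text/plain", "readme.txt", b"MZ\x90\x00" + b"\x00" * 20),
             "--B0", *part("image/gif", "photo.gif", b"PK\x03\x04" + b"\x00" * 20),
             "--B0", *part("application/octet-stream", "notes.bin", b"plain notes"),
             "--B0--", ""]
    return "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    for name, ctype, kind in scan_message(build_sample()):
        print(f"block {name!r}: declared {ctype}, content is {kind}")
```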