| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308042135.h74LZZZ40328@milan.maths.usyd.edu.au> From: psz at maths.usyd.edu.au (psz@...hs.usyd.edu.au) Subject: f-prot not catching mimail ? >>I cannot see anything "special" in the MIME structure of Mimail that would >>cause f-prot to miss the ZIP attachment (or maybe it is the structure of >>the ZIP that f-prot cannot unpack?). > > I was told its the encoding scheme in the .html file thats the problem. > Currently the scanner does not support that type of encoding. It seems to me that the HTML contains the binary EXE without any encoding: $ cat -v message.html | fold | head -5 MIME-Version: 1.0 Content-Location:File://foo.exe Content-Transfer-Encoding: binary MZM-^P^@^C^@^@^@^D^@^@^@...?M-^?^@^@...^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@ Regardless, f-prot should list the ZIP attachment, and the files contained within the ZIP ... Cheers, Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030804/bcf3bd4d/attachment.html
Powered by blists - more mailing lists