lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <DF79BE12AF8DD344B107D0D03621E5750ED9CF@kermit.corp.hansenet.com>
From: vogt at hansenet.com (vogt@...senet.com)
Subject: AW: Re: Filtering sobig with postfix

> Yep, as the OP is using postfix, he could use the 
> header_checks directive,
> which can identify MIME headers, so he can easily stop this worm.
> Just check for Content-Disposition header and block 
> everything with .pif in
> filename.

Thought about that, but doesn't quite work. The headers only say
multipart/mime. The .pif part comes later in the attachment.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ