lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20031120203643.BAD6B43052@maja.zesoi.fer.hr>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

 

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Brown, Nicholas
> Sent: Friday, 21 November 2003 3:48 a.m.
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
> 
> Bojan Zdrnja Wrote:
> ...
> >That is why you should implement content blocking at your e-mail server.
> >There is absolutely no reason to allow .scr files to go around. If you
had
> >this blocked, it would stop MiMail-I without AV updates.
> >Also, note that this attachment has double extension, which should also
be
> >automatically blocked.
> ...
> 
> It should be pointed out that blocking files with multiple extensions is
> not good idea, as this would interfere with lots of legitimate,
> non-executeable file types, such as .tar.gz.

Agreed (although - most users will send Windows attachments ;-).

Anyway, for that purpose, a regular expression like:

\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com)

Will do it. Amavisd-new has a nice default example for this.

Regards,

Bojan Zdrnja

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ