From: stuart at cyberdelix.net (lsi)
Subject: MyDoom-M evades attachment filters

Err, Pegasus Mail :)  (a free POP3 client)

Seriously..!  When I get some time I plan to add the exe and zip 
filters to SpamPal, which is a free Windows-based anti-spam POP3 
proxy that supports multiline regular expressions.  It has some virus-
specific base-64 sigs, but does not currently have the generic 
detection made possible by the 10-byte MIME string quoted earlier.

After some research, this appears to be the earliest and most 
comprehensive enunciation of the generic attachment filtering 
approach: http://qmail.plig.org/qmail-smtpd-viruscan-1.3.patch

That route is for larger networks with their own MTA.  I am shooting 
at a client-side POP3 solution for end-users (such as me) - and maybe 
a few small businesses here and there!

SpamPal: http://www.spampal.org
Pegasus: http://www.pmail.com/

Stu

> what are you using for attachment filters?  my astaro attachment 
> filter is killing mydoom without one getting through.
> 
> lsi wrote:
> > Since the first MyDoom (which appeared almost six months ago, to the 
> > day) I have been nice and snug behind my executable attachment 
> > filter.  And my zipfile attachment filter.  But then MyDoom-M slips 
> > past ....



---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192.168.0.2)

