[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001401c47961$31d8d8e0$fc11010a@msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: broken virus / worm email has attachment not found by grisoft proxy scanner
I have seen this type of e-mail on my yahoo account at home. I just guessed
it was a corrupt e-mail put out by some e-mail virus circling the internet.
It wouldn't by the first time or the last.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Denis McMahon
Sent: Tuesday, August 03, 2004 6:39 AM
To: fd
Subject: [Full-Disclosure] broken virus / worm email has attachment not
found by grisoft proxy scanner
Hmm
I've had a couple of suspicious emails this week with headers, blank
line, a line of text, mime headers.
Thunderbird doesn't see the mime attachment due to the broken headers,
which is good, but nor does the grisoft email proxy scanner, which is
bad, especially as I guess that certain broken applications (no I don't
have outlook [express] on my system) might try and be snart and find the
attachment.
This might be broken malware sending unusable stuff out, but my worry is
that somene may have found a technique that will sneak an attachment
past some a-v scanners in a "broken" format that certain popular email
apps will try and fix, possibly putting active malware on the hard disk.
I tried to talk to grisoft about this, but all I get back is "you have
to pay to talk to us cheapskate" ... whilst I can agree that they might
not want to provide tech support to users of their free scanner, does
anyone have an email address at grisoft for submitting suspicious items
that have got past their proxy scanner?
Denis
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists