lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001401c47961$31d8d8e0$fc11010a@msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: broken virus / worm email has attachment not found by grisoft proxy scanner

I have seen this type of e-mail on my yahoo account at home. I just guessed
it was a corrupt e-mail put out by some e-mail virus circling the internet.
It wouldn't by the first time or the last.


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Denis McMahon
Sent: Tuesday, August 03, 2004 6:39 AM
To: fd
Subject: [Full-Disclosure] broken virus / worm email has attachment not
found by grisoft proxy scanner

Hmm

I've had a couple of suspicious emails this week with headers, blank 
line, a line of text, mime headers.

Thunderbird doesn't see the mime attachment due to the broken headers, 
which is good, but nor does the grisoft email proxy scanner, which is 
bad, especially as I guess that certain broken applications (no I don't 
have outlook [express] on my system) might try and be snart and find the 
attachment.

This might be broken malware sending unusable stuff out, but my worry is 
that somene may have found a technique that will sneak an attachment 
past some a-v scanners in a "broken" format that certain popular email 
apps will try and fix, possibly putting active malware on the hard disk.

I tried to talk to grisoft about this, but all I get back is "you have 
to pay to talk to us cheapskate" ... whilst I can agree that they might 
not want to provide tech support to users of their free scanner, does 
anyone have an email address at grisoft for submitting suspicious items 
that have got past their proxy scanner?

Denis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ