Thanks. but block the Content-Type doesn't work. maybe it's the attachement Content-Type not the main mail header.
we tried the following line but fail audio/x-wav Virus-Content-Type: MIME Exploit we found that this virus email always content the mail header X-Mailer: EBT Reporter v 2.x so we block thsi mail header instead. please update me if there are any fix. Many thanks. ---- Chris ----- Original Message ----- From: "Jason Haar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 07, 2002 11:00 AM Subject: Re: [Qmail-scanner-general]qmail-scanner bugs On Thu, Nov 07, 2002 at 09:18:48AM +0800, Chris wrote: > i'm not sure did you receive my zipped email source file with password > "virus". we finally add the following entry > > EBT Reporter v 2.x Virus-X-Mailer: W32/Braid-A > > to the quarantine-attachments.txt. ban the .exe or README.EXE don't work. > strange problem. Yup. And I've checked and I can see it's a real problem. Again, what's happened is some bright spark has found another MIME flaw in Outlook, whereby it reads the message as having an attachment, whereas something MIME-compliant like reformime just goes "Huh!?!" The better perlscanner match would be something like (untested!) .*type=.*<TAB>Virus-Content-Type:<TAB>MIME Exploit ...as no Content-Type: line I know of contains "type=". I hope I'm right on that. The RFCs I've just looked at implie that isn't a valid option, so it looks like a Microstupid extension. [when will it end?!?!] I will contact the author of reformime, but frankly I really don't think this is a problem for him to solve. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
