> > .*type=.*Virus-Content-Type:MIME Exploit
> >
>
> Ignore that. It is not correct!
>
Is there some temporary measure that can be taken to block this
particular one? Perhaps a working entry for quarantine-attachments.txt?
I have entered:
EBT Reporter v 2.xVirus-X-Mailer:W32/Braid-A
As per o
On Thu, Nov 07, 2002 at 04:00:57PM +1300, Jason Haar wrote:
> The better perlscanner match would be something like (untested!)
>
> .*type=.*Virus-Content-Type:MIME Exploit
>
Ignore that. It is not correct!
The actual reason is that there are nested MIME attachments that share the
same bounday s
On Thu, Nov 07, 2002 at 11:17:58AM +0800, Chris wrote:
>
> Thanks. but block the Content-Type doesn't work. maybe it's the attachement
> Content-Type not the main mail header.
Well I just went live with it here and pushed the message you sent to me
through it... it was caught...
--
Cheers
Jaso
ailer: EBT Reporter v 2.x
so we block thsi mail header instead. please update me if there are any fix.
Many thanks.
Chris
- Original Message -
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 11:00 AM
Subject:
On Thu, Nov 07, 2002 at 09:18:48AM +0800, Chris wrote:
> i'm not sure did you receive my zipped email source file with password
> "virus". we finally add the following entry
>
> EBT Reporter v 2.x Virus-X-Mailer: W32/Braid-A
>
> to the quarantine-attachments.txt. ban the .exe or README.EXE d
ris
- Original Message -
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 06, 2002 5:23 PM
Subject: Re: [Qmail-scanner-general]qmail-scanner bugs
On Wed, Nov 06, 2002 at 03:29:09PM +0800, Chris wrote:
> Hi,
>
> qmail-
On Wed, Nov 06, 2002 at 03:29:09PM +0800, Chris wrote:
> Hi,
>
> qmail-scanner can't handle some fake "Content-Type" virus like
> W32/Braid-A
> http://www.sophos.com/virusinfo/analyses/w32braida.html
>
> this virus is smart. it don't use the correct Content-Type
> "application/x-msdownload". but
