On Tue, September 12, 2006 13:31, Michael Scheidell wrote:
>> http://www.canaltv.org/postcard.gif.exe";>
> And if anyone knows the people at clamav, I have submitted this nasty
> thing several times to them and they still don't have a sig for it.
I know this is in clamav, look back on this threa
> -Original Message-
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 11, 2006 11:12 AM
> To: SpamAssassin Users List
> Subject: postcard exploit email
>
>
>
> Maybe we need a base rule for URL links directly to
> executab
On Mon, 11 Sep 2006, Raul Dias wrote:
Card or some service from company FooBar which has domain FooBar.com,
the link is something like:
http://www.foobar.somehost.com/view_yourcard_online.php
Somehost.com is something really short, sometimes www.foobar.com.b.fm.
A way to fight this would eith
On Mon, 2006-09-11 at 19:13 +, [EMAIL PROTECTED] wrote:
> Hi,
>
> possible problem: if the server actually runs windows, the link could be some
> kind of cgi
> rather than an executable
Just for the record, this kind of email is really common in pt_BR.
It is really common to link to a php pa
On Mon, 11 Sep 2006, jdow wrote:
> Maybe you need ClamAssassin? ClamAv is an anti-virus program.
> SpamAssassin is an anti-spam program.
Point taken.
> - Original Message -
> From: "John D. Hardin" <[EMAIL PROTECTED]>
> >
> > Maybe we need a base rule for URL links directly to executabl
Maybe you need ClamAssassin? ClamAv is an anti-virus program.
SpamAssassin is an anti-spam program. Use the anti-virus program
for anti-virus activity. And with ClamAssassin you can do that
from within SpamAssassin and give the ClamAv hit a "killer"
score. Or you could have procmail or equivalent
On Mon, 11 Sep 2006, Kelson wrote:
> In fact, if you're retrieving content over the web, the link
> doesn't even have to tell you the double extension. The link
> could be to a redirect script, or to a download script that
> provides a content-disposition header:
>
> http://server/path/to/evil/b
Kenneth Porter wrote:
--On Monday, September 11, 2006 8:12 AM -0700 "John D. Hardin"
<[EMAIL PROTECTED]> wrote:
Maybe we need a base rule for URL links directly to executable
content...
MIMEDefang rejects content with executable extensions. The list of
extensions is configurable. (.com is a
--On Monday, September 11, 2006 8:12 AM -0700 "John D. Hardin"
<[EMAIL PROTECTED]> wrote:
Maybe we need a base rule for URL links directly to executable
content...
MIMEDefang rejects content with executable extensions. The list of
extensions is configurable. (.com is a pain because it also a
>>
>> On Mon, September 11, 2006 18:15, John D. Hardin wrote:
>>
>> > Probably not, as you'd have to visit the link to get something for the
>> > virus checker to check. On the server side, it'd have to follow the
>> > link to download the executable to scan, and I *really* doubt anyone
>> > woul
On Mon, September 11, 2006 18:15, John D. Hardin wrote:
> Probably not, as you'd have to visit the link to get something for the
> virus checker to check. On the server side, it'd have to follow the
> link to download the executable to scan, and I *really* doubt anyone
> would want their mail gat
On Mon, 11 Sep 2006, John D. Hardin wrote:
>
> Maybe we need a base rule for URL links directly to executable
> content...
>
> href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/CR3090Ztyw5g527673XzW
You mean like:
uri __L_AUNT_EDNA1 m!\b(?:postcards?\.gif\.exe|/p
Sietse van Zanen wrote:
And correct me if I'm wrong, but isn't ClamAV able to recursively scan
URL's contained within e-mails?
Yes, with the MailFollowURLs option. Thankfully, it's disabled by default.
Aside from increasing bandwidth use, exposing the virus checker to
potential DOS condition
ively scan URL's contained within e-mails?
-Sietse
From: John D. Hardin
Sent: Mon 11-Sep-06 18:15
To: David Baron
Cc: users@spamassassin.apache.org
Subject: Re: postcard exploit email
On Mon, 11 Sep 2006, David Baron wrote:
> On Monday 11 September 2006 18:12, John D. Hardin wrote:
On Mon, 11 Sep 2006, David Baron wrote:
> On Monday 11 September 2006 18:12, John D. Hardin wrote:
> > Maybe we need a base rule for URL links directly to executable
> > content...
> >
> > > href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/
> >CR3090Ztyw5g527673XzW
>
>
On Monday 11 September 2006 18:12, John D. Hardin wrote:
> Maybe we need a base rule for URL links directly to executable
> content...
>
> href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/
>CR3090Ztyw5g527673XzW
>
Any virus checkers pick this up?
Been getting a lot of "
Maybe we need a base rule for URL links directly to executable
content...
http://www.canaltv.org/postcard.gif.exe";>http://www.e-cards.com/view/CR3090Ztyw5g527673XzW
--
John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL