RobertH wrote:
>  
> 
>>> http://pastebin.com/m2fcbe7b5
>> Thanks for posting the sample.
>>
>> <plug type="shameless">
>> My email sanitizer successfully defends against this attack.
>> </plug>
>>
>> :)
>>
>> -- 
>>   John Hardin                  
> 
> no disrespect intended yet i would like to understand...
> 
> ummmm, if your "email sanitizer" caught it, why isn't that something
> programmed "in another way" inside SA, or clamav, etc...?
> 
> i mean we have viruses, we have spyware, we have spam, we have UCE, we have
> all these different terms that describe essentially the same stuff...
> 
> can't this be dealt with in something that already exists like SA, Clamav, or
> whatever, besides having another custom piece of coding ?
> 
> i mean, John, at the very least get out some them there GUNS and shoot it a
> bunch and make it stop or something!
> 


spam contains a URL (the fact that it is flash is only half-relevant).
That URL redirects to an exe file. you want to do what?

The approach that consists of getting the spam filter (SA here) access
the URL has a lot of problems (easy DoS, address confirmation, higher
latency, ... etc)

Fixing the MUA may be good, but this still means that a file suffix is
meaningful. however, the internet isn't windows. a ".exe" does nothing
on a unix/linux system (assuming no windows support, be that wine or
other).

and to answer Ned's post, the problem isn't with flash running arbitrary
programs (what's the alternative? display ascii text only?). The problem
is elsewhere. I don't know many people who forbid .doc/xls/ppt in email,
and these can do a lot of harm.
