[Mimedefang] Virus Evading Detection
Michael Grau
m.grau at kcc.state.ks.us
Wed Apr 24 15:53:06 EDT 2002
Similarly, this virus also evades detection as an attached .exe
(using newly patched MIME::Tools 5.411a):
>Content-Type: text/html;
>
>Content-Type: audio/x-midi;
> name=thread11.exe
-----------------------------------------------------------------------
Ray Spinhirne wrote:
>
> The following shows part of the header file which apparently evaded detection
> by the standard mimedefang filter rules:
>
> -----------------------------------------------------------------------
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>The following mail can't be sent to gicjay2004 at yahoo.com:<br>
> <br>
> From: brendaa at admin.stedwards.edu<br>
> To: gicjay2004 at yahoo.com<br>
> Subject: product lines, present and future, include<br>
> The file is the original mail</FONT></BODY></HTML>
>
> --U1k1d631Tyay0nN2789BHI1PWxk01u6L
> Content-Type: application/octet-stream;
> name=20,.exe
> Content-Transfer-Encoding: base64
> Content-ID: <Zb3izrGl5Z64j8J7C>
>
> -----------------------------------------------------------------
>
> Apparently the include file contained a virus as it was caught by
> the user's PC based virus detection software.
>
> I have not been following the list really close the last few days, but I
> have not seen any mention of this.
>
> Any help would be appreciated.
>
> Thanks
>
> Ray Spinhirne
> St. Edward's University
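
An added example, not part of the original posts and not MIMEDefang or MIME::Tools code: a tolerant check in Python that recovers the `name` parameter from headers like the two quoted above and flags executable extensions whatever Content-Type is declared. The extension list, the function names and the folding whitespace in the sample headers are assumptions; `strict_token` only illustrates how an RFC 2045 token reader would cut `20,.exe` short and is not a statement about how MIME::Tools parses it.

```python
import re

# Extensions treated as executable (assumed list for this example).
BAD_EXT = {"exe", "com", "scr", "pif", "bat", "vbs"}

# Take a name=/filename= value up to ';' or end of line, so a comma or other
# RFC 2045 tspecial inside an unquoted value does not truncate it.
PARAM_RE = re.compile(r'(?:^|[;\s])(?:file)?name\s*=\s*("([^"]*)"|[^;\r\n]*)', re.I)

# Headers reconstructed from the two messages above (constructed sample input).
SAMPLE_OCTET = ("Content-Type: application/octet-stream;\n"
                "\tname=20,.exe\n"
                "Content-Transfer-Encoding: base64\n")
SAMPLE_MIDI = "Content-Type: audio/x-midi;\n\tname=thread11.exe\n"


def unfold(headers):
    """Join folded continuation lines (leading whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", headers)


def attachment_names(headers):
    """Return every name/filename parameter value found in a part's headers."""
    names = []
    for m in PARAM_RE.finditer(unfold(headers)):
        value = m.group(2) if m.group(2) is not None else m.group(1)
        names.append(value.strip())
    return names


def strict_token(value):
    """What a strict RFC 2045 'token' reader keeps of an unquoted value."""
    m = re.match(r'[^\s()<>@,;:\\"/\[\]?=\x00-\x1f]+', value)
    return m.group(0) if m else ""


def is_suspicious(headers):
    """True if any declared name ends in an executable extension,
    regardless of the part's declared Content-Type."""
    for name in attachment_names(headers):
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BAD_EXT:
            return True
    return False


if __name__ == "__main__":
    for sample in (SAMPLE_OCTET, SAMPLE_MIDI):
        print(attachment_names(sample), is_suspicious(sample))
```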