[Mimedefang] survey: dropping password protected file

Joseph Brennan brennan at columbia.edu
Thu Mar 4 08:57:53 EST 2004



--On Wednesday, March 3, 2004 2:53 PM -0600 James Miller 
<jimm at simutronics.com> wrote:

>>
>>
>> We just went through the same thing and have told people we will be
>> dropping zip files until we work out a sane way of 'scanning' ones that
>> are bad. Of course the .zip item is already being deprecated by the .txt
>> viruses that tell the user in the email to rename the .txt to .zip and
>> open it up and then run the application for security reasons.


Our testing showed that clients mangle binaries sent with the .txt
extension.  We believe that the clients do a newline-return translation
similar to what you get doing ftp as text.  Anyway the binary does not
execute even after being renamed.  I can't figure out how this exploit
would work.

Which virus was it?  I'd like to see more on this.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York





