[Mimedefang] Bagle-Q gets through!
Michal Jankowski
Michal.Jankowski at fuw.edu.pl
Fri Mar 19 09:57:58 EST 2004
Andrzej Marecki <amr at astro.uni.torun.pl> writes:
> 1. This is MD that should possibly stop Bagle-Q!
> 2. Antivirus software detects (and disinfects) Bagle-Q _only_ when a PC
> gets infected via the exploit in Outlook which downloads Bagle.
> Antivirus software has literally nothing to do when email "promoting"
> Bagle-Q arrives simply because there is no viral code there.
Oh yes there is. Recent bagle variants are properly found by AV
software - say, clamav (and others).
Proposed solutions
1) Install AV program capable of dealing with bagle.
or
2) Filter text/html mail containing (any or only specific) "OBJECT..."
tags using, say, procmail.
or
3) Block text/html mail altogether. Better yet, block anything but
text/plain. Yes, I know, I know.
Also, force your users to patch their M$ Outlook programs
http://www.microsoft.com/technet/security/bulletin/MS03-040.mspx
MJ
More information about the MIMEDefang
mailing list