[Mimedefang] Missed executable attachments with empty Content-Type
tometzky at batory.org.pl
Tue Apr 28 08:34:59 EDT 2015
I've just received a trojan/exploit attachment with a CHM extension, which
should be filtered by MIMEdefang but wasn't.
This attachment was sent in a MIME part with a broken header:
Please notice the empty "Content-Type" in the above header. Because of the empty
content type my mail client (Thunderbird) displayed it as garbage, but
also defaulted to save it as a file with the original name
"SecureMessage.chm". Opening it would compromise a system, as it isn't
recognized as a virus by most antivirus programs yet:
I've retested it, changing the extension to EXE, and it was also allowed.
I'm attaching the whole message (beware, contains virus) in a 7z archive
with password "infected".
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
Winnie the Pooh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NatWest Secure Message.7z
Size: 5833 bytes
Desc: not available
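
An added example, not part of the original post and not MIMEDefang's own code: a Python check, using the standard `email` package, that collects attachment names from both Content-Disposition and Content-Type and applies an extension block even when Content-Type is empty. The sample message and the blocklist are constructed, and since the post does not show which header carried the file name, placing it in Content-Disposition is an assumption.

```python
import email
import email.utils
import os
import re

# Assumption: example blocklist; CHM and EXE are the extensions the post tested.
BLOCKED_EXT = {".chm", ".exe"}
TYPE_RE = re.compile(r"^[\w.+-]+/[\w.+-]+$")

# Constructed sample (not the message from the post): the second part has an
# empty Content-Type and a blocked file name in Content-Disposition.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type:
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SecureMessage.chm"

AAAA
--b1--
"""

def audit_parts(raw):
    """Return one finding dict per leaf MIME part of the raw message text."""
    findings = []
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        raw_type = part.get("Content-Type")  # None when the header is absent
        declared = None if raw_type is None else raw_type.split(";")[0].strip()
        malformed = declared is not None and not TYPE_RE.match(declared)
        # Take names from both headers; the type header is never trusted alone.
        cands = (part.get_param("filename", header="content-disposition"),
                 part.get_param("name", header="content-type"))
        names = sorted({email.utils.collapse_rfc2231_value(c) for c in cands if c})
        # Trailing dots/spaces are stripped before the extension is compared.
        exts = {os.path.splitext(n.lower().rstrip(". "))[1] for n in names}
        findings.append({"declared": declared, "malformed_type": malformed,
                         "names": names, "blocked": bool(exts & BLOCKED_EXT)})
    return findings
```

A part with `malformed_type` set can be quarantined on that ground alone, independent of the file-name check.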