RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

• Previous message: Gregor Lawatscheck: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• In reply to: Cael Abal: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Next in thread: Ron DuFresne: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Ron DuFresne: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Nick FitzGerald: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Martin Mačok: "[Full-Disclosure] SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Cael Abal" <lists2@onryou.com>, "Gregor Lawatscheck" <gpel@mpex.net>
Date: Wed, 3 Mar 2004 23:36:09 +0530

> 'Password is a long yellow fruit enjoyed by monkeys.'

which ones ? there are many types of them around here ....
 
> Leave passworded .zips alone -- take the sensible approach and catch an
> infected file once it's been extracted.

that would be the best approach but it would make all the spam to be able to come up to the desktop.
maybe we will start getting all the spam as zipped attachments...

how about the smtp server simply rejecting mail from spoofed hosts ? as all the viruses generate spoofed hosts and it is very easy for any smtp server to do a dns lookup on the sending server, if the hostname / ip address do not match reject the message.

________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Gregor Lawatscheck: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• In reply to: Cael Abal: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Next in thread: Ron DuFresne: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Ron DuFresne: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Nick FitzGerald: "RE: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Reply: Martin Mačok: "[Full-Disclosure] SMTP rejecting wrong HELO/EHLO domains will save the world (was: Backdoor in passworded ZIP not recognized by Kaspersky)"
• Reply: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Backdoor not recognized by Kaspersky"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]