[Full-Disclosure] broken virus / worm email has attachment not found by grisoft proxy scanner

From: Denis McMahon (denis.mcmahon_at_ntlworld.com)
Date: 08/03/04

  • Next message: Michael Gale: "Re: [Full-Disclosure] Stateful Packet Inspection"
    To: fd <full-disclosure@lists.netsys.com>
    Date: Tue, 03 Aug 2004 12:39:22 +0100


    I've had a couple of suspicious emails this week with headers, blank
    line, a line of text, mime headers.

    Thunderbird doesn't see the mime attachment due to the broken headers,
    which is good, but nor does the grisoft email proxy scanner, which is
    bad, especially as I guess that certain broken applications (no I don't
    have outlook [express] on my system) might try and be snart and find the

    This might be broken malware sending unusable stuff out, but my worry is
    that somene may have found a technique that will sneak an attachment
    past some a-v scanners in a "broken" format that certain popular email
    apps will try and fix, possibly putting active malware on the hard disk.

    I tried to talk to grisoft about this, but all I get back is "you have
    to pay to talk to us cheapskate" ... whilst I can agree that they might
    not want to provide tech support to users of their free scanner, does
    anyone have an email address at grisoft for submitting suspicious items
    that have got past their proxy scanner?


    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Michael Gale: "Re: [Full-Disclosure] Stateful Packet Inspection"

    Relevant Pages