Dumb Anti-Virus programs [was RE: NOT GOOD: Outlook Express 6 + Internet Explorer 6]

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 04/02/04

  • Next message: Russ: "Administrivia #30664 - 6th Annual NTBugtraq Retreat Details" 
    Date:         Fri, 2 Apr 2004 15:18:25 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Folks,

    I cannot correct faulty anti-virus software which decides that text in a plain-text email is, instead, HTML.

    I cannot correct faulty anti-virus software which decides that some text in a plain-text email is HTML script, despite it not being script at all due to the object tag being replaced with the word xbject.

    I cannot correct faulty anti-virus software which looks for HTML exploits in text/plain email messages.

    I can assure you that you didn't get a virus from NTBugtraq.

    I can assure you that http-equiv's .chm exploit string has been put into numerous AV products as an exploit. I've run it numerous times.

    I can assure you that anything you get from NTBugtraq should be treated as hostile! If you lack sufficient expertise to know how to protect yourself (and your network/company) from a malicious demonstration, or from being pointed to a site which is exploiting people, then do not follow any links provided in NTBugtraq messages, including those to my site!

    If you want to see a message your AV has stopped, feel free to look at the NTBugtraq on-line web archives at http://www.ntbugtraq.com/archives

    Cheers,
    Russ - NTBugtraq Editor

    -----
    NTBugtraq Editor's Note:

    Wondering how to unsubscribe from NTBugtraq? Just send a message to Listserv@listserv.ntbugtraq.com with unsubscribe ntbugtraq in the message body, you don't need a subject line. If it says you aren't subscribed, you've either subscribed with a different email address or your address has changed somehow. Just email Russ.Cooper@rc.on.ca and I'll remove you.
    -----

  • Next message: Russ: "Administrivia #30664 - 6th Annual NTBugtraq Retreat Details"