Re: Researching spamblock/antivirus/attachment filters on mail servers

From: J. Reilink (digiover_at_dsinet.org)
Date: 09/03/03


Date: Wed, 03 Sep 2003 09:57:57 +0200

Jarle Aase wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> When Sobig.F hit the local MTA, I started to look for a filter to block
> it. I looked at some common approaches, and my first impression was that
> the filters would be pretty easy to bypass. Which again means that lots
> of MTAs may be vulnerable to the next attachment plague.
>

For the Sobig.F virus, take a closer look at the 'X-MailScanner' header.

-- 
Met vriendelijke groet / Best regards,
Jan Reilink
		Dutch Security Information Network,
		http://www.dsinet.org/

