OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Changed subject (was Re: reg. virus named ...)
From: Liviu Daia (Liviu.Daiaimar.ro)
Date: Thu May 04 2000 - 13:41:37 CDT

On 4 May 2000, Bennett Todd <betrahul.net> wrote:
> 2000-05-04-13:38:57 Thomas Andres:
> > > I think it'd be better still to make that
> > >
> > > /Content.*\.vbs/ REJECT
> >
> > Well... fine with me, but a few people might argue, that not all vbs
> > attachements need to be rejected. Maybe one can do other things than
> > viruses using vbs :)
>
> In theory you can, although I've yet to hear of anyone whose life
> would be shattered beyond recognition if any vbs attachments sent as
> direct MIME attachments ended up getting a little bit quoted, just
> enough to defuse the execute-on-opening booby trap wired into certain
> mail user agents.
[...]

    Sorry to jump into this interesting debate, but the above rule won't
catch VBS attachments (or the ILOVEYOU virus, for that matter). The
problem is header_checks will match only the top level "Content-Type",
which is normally "multipart/mixed", no matter what other attachments it
contains.

    Regards,

    Liviu Daia 

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daiaimar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc