Re: clever .exe match?

From: *Hobbit* (hobbitavian.org)
Date: Tue Sep 30 2003 - 09:39:46 CDT


> >/^TV[nopqr]....[AB]..A.A/i REJECT Email with EXE files attached denied
> >/^M35[GHIJK].`..`..*````/i REJECT Email with EXE files attached denied

   Does the significance change if the order is reversed?

The second one is to catch uuencoded equivalents. LookOut evidently
auto-explodes them just as easily as base64 blobs -- i.e. if it sees
the "begin NNN file.exe" line somewhere in the text stream, not even
necessarily as a specific attachment. To protect against this
idiocy, many content-specific rules to look for base64-encoded nasties
need their uuencode equivalents too.

And this probably doesn't do anything for quoted-printable, which is yet
another way to carry binary to your desktop, but it's probably wisest
to not accept that rot at all.

_H*
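
Added example, not part of the original post: a Python check of why the two quoted patterns pair up, encoding the same "MZ" header bytes as base64 and as a uuencode line and running both rules over a message body. The sample header bytes, the function names and the sample body are constructed for illustration.

```python
import base64
import binascii
import re

# The two quoted patterns, translated to Python (the trailing /i becomes re.I).
B64_RULE = re.compile(r"^TV[nopqr]....[AB]..A.A", re.I)
UU_RULE = re.compile(r"^M35[GHIJK].`..`..*````", re.I)

# Constructed sample: 45 bytes shaped like the start of a DOS "MZ" header
# (45 bytes is one full uuencode line, which is why the rule starts with "M").
SAMPLE_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000") + bytes(29)


def third_chars():
    """Third encoded character for 'MZ' followed by every possible byte."""
    b64, uu = set(), set()
    for b in range(256):
        chunk = b"MZ" + bytes([b])
        b64.add(base64.b64encode(chunk).decode()[2])
        # b2a_uu output: length char, then data; index 3 is the third data char.
        uu.add(binascii.b2a_uu(chunk, backtick=True).decode()[3])
    return "".join(sorted(b64)), "".join(sorted(uu))


def encode_both(data):
    """Return (first base64 line, first uuencode line) for up to 45 bytes."""
    b64_line = base64.b64encode(data[:45]).decode()
    # backtick=True writes zero bytes as "`", the form the quoted rule expects.
    uu_line = binascii.b2a_uu(data[:45], backtick=True).decode().rstrip("\n")
    return b64_line, uu_line


def scan_body(lines):
    """Return (line_number, encoding) for each body line either rule hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        if B64_RULE.search(line):
            hits.append((n, "base64"))
        elif UU_RULE.search(line):
            hits.append((n, "uuencode"))
    return hits


if __name__ == "__main__":
    b64_line, uu_line = encode_both(SAMPLE_HEADER)
    body = ["See attached.", "begin 644 file.exe", uu_line, "", b64_line]
    print(third_chars())
    print(scan_body(body))
```

The scan runs over every body line rather than over parsed attachments, matching the post's point that the uuencoded block can sit anywhere in the text stream.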