When Sobig.F hit the local MTA, I started to look for a filter to block it. I looked at some common approaches, and my first impression was that the filters would be pretty easy to bypass. Which again means that lot's og MTA's may be vulnerable for the next attachment plague.
In order to research this theory, I need access to email accounts[1] on mail-servers that has applied filters to block suspect attachment types like "*.pif". The findings will be published on my home-page (and possible on BUGTRAQ if I find anything serious), along with tools to verify if an MTA indeed stop masqueraded attachments, or stop valid emails in error. If you have a mail-server that is supposed to block such attachments, and are willing to help me in my research, please drop me a note. I'm looking for anything from simple perl scripts to commercial filters. Jarle [1] The email-accounts will only be used for this purpose. -- Jarle Aase email: [EMAIL PROTECTED] Author of freeware. http://www.jgaa.com news:alt.comp.jgaa War FTP Daemon: http://www.warftp.org War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm Jgaa's PGP key: http://war.jgaa.com/pgp NB: If you reply to this message, please include all relevant information from the conversation in your reply. Thanks. <<< no need to argue - just kill'em all! >>> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]