REF the current thread at: http://www.securityfocus.com/archive/1/336680/2003-09-05/2003-09-11/1 and http://www.securityfocus.com/archive/1/336625
Seems focused around a malicious website spewing out 'Content-Type: application/hta' along with malicious code, but since the principals are the same, in case anyones interested in blocking this via Q_S
you might consider a quarantine rule like:
application/hta.* Virus-Content-Type: MS03-032 exploit?
since the Q_S supplied rule:
#.hta 0 HTA files not allowed per Company security policy
(IMO) will not prevent the exploit since (as I read things) the exploit does not have to contain any file attachment, just the header and the malicious code. 2 cents worth of prevention commentary.
--
Doug Monroe
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
