RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-25 Thread Douglas Cohn
r 24, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] F-Prot/GDI+ FYI Greg, Here's a tool to scan everything on the machine: http://isc.sans.org/gdiscan.php Mark --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-25 Thread Mark Smith
9 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] F-Prot/GDI+ FYI > Importance: High > > > > I expect we'll have a new version on Monday to take care of this > > (unless some start spreading before then, in which case we > would have > > a new version

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-25 Thread Markus Gufler
> I expect we'll have a new version on Monday to take care of this (unless some start spreading before then, in which case we would have a new version ready ASAP).

Well, after reading http://www.heise.de/newsticker/meldung/51459 (German) I think it's time to release something! In short: The

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Mark Smith
Greg, Here's a tool to scan everything on the machine: http://isc.sans.org/gdiscan.php Mark

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Greg Little
We've got too many threads tracking this. (And way too many nightmare ideas.) As simple as, a Word or WordPad Document with an infected JPG (or link) that infects PCs with all their Windows updates (but not their Office updates). I'm with you. I've got that gut feeling this one is going to get ve

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Matt
Scott, If possible, please have the JPG vulnerability detection work independently of the SKIPEXT setting (not sure if it does already). I'm not looking forward to having to scan every JPG for this vulnerability. Another thing that might not be known or not discussed to a great extent is what

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Do you have the code written enough to know, if SKIPEXT will bypass the new JPG/JPEG checking? I assume that this would cause it not to be checked by Virus scanners, so I'm headed to remove at least JPG. The Microsoft GDIPlus.DLL JPEG Vulnerability detection will occur whether or not SKIPEXT is

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Greg Little
Scott, Good news. Thanks. Do you have the code written enough to know, if SKIPEXT will bypass the new JPG/JPEG checking? I assume that this would cause it not to be checked by Virus scanners, so I'm headed to remove at least JPG. Greg Quick reminder. Don't forget to remove the SK

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Greg Little
The most positive step for now is to patch, patch, patch. (At least get the big holes) Windows, IE, Office, lots of other current MS products. Lots of 3rd party products (some of the manufacturers will be out of business) Who knows about old MS products. I have not seen a good tool yet for finding

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
Odd. My experience with the BANEXT command is that it caused the entire email to be deleted, not just the banned extension. That is correct. BANEXT will block the entire E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread John Tolmachoff \(Lists\)
nal Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Dave Marchette > Sent: Friday, September 24, 2004 11:36 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] F-Prot/GDI+ FYI > > Odd. My experience with the BANEXT command is that it caus

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Dave Marchette
] Subject: RE: [Declude.Virus] F-Prot/GDI+ FYI Dave, BANEXT JPG Scott, Here's the information about how to track the malformed header using SNORT. http://isc.sans.org/diary.php?date=2004-09-23 Also some utilities on scanning your PC. > -Original Message- > From: [EMAIL PROTECTED

Re: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread R. Scott Perry
> Without blocking all .JPG files, nothing. The problem is that there is a lack of information on how to detect such .JPG's. You can find details about the exploit at http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx Thanks for the URL -- although good ol' Microsoft does specify

RE: [Declude.Virus] F-Prot/GDI+ FYI

2004-09-24 Thread Mark Smith
Behalf Of Dave Marchette > Sent: Friday, September 24, 2004 12:13 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] F-Prot/GDI+ FYI > > That being the case, can you outline for us the simplest way > to strip JPEGs out of a message yet still send the rest of > the message thr