RE: postcard exploit email

2006-09-14 Thread Benny Pedersen
On Tue, September 12, 2006 13:31, Michael Scheidell wrote: a href=http://www.canaltv.org/postcard.gif.exe; And if anyone knows the people at clamav, I have submitted this nasty thing several times to them and they still don't have a sig for it. i know this is in clamav, look back on this

RE: postcard exploit email

2006-09-12 Thread Michael Scheidell
-Original Message- From: John D. Hardin [mailto:[EMAIL PROTECTED] Sent: Monday, September 11, 2006 11:12 AM To: SpamAssassin Users List Subject: postcard exploit email Maybe we need a base rule for URL links directly to executable content... a href=http

postcard exploit email

2006-09-11 Thread John D. Hardin
Maybe we need a base rule for URL links directly to executable content... <a href="http://www.canaltv.org/postcard.gif.exe">http://www.e-cards.com/view/CR3090Ztyw5g527673XzW</a> -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk

Re: postcard exploit email

2006-09-11 Thread David Baron
On Monday 11 September 2006 18:12, John D. Hardin wrote: Maybe we need a base rule for URL links directly to executable content... <a href="http://www.canaltv.org/postcard.gif.exe">http://www.e-cards.com/view/CR3090Ztyw5g527673XzW</a> Any virus checkers pick this up? Been getting a lot of

Re: postcard exploit email

2006-09-11 Thread John D. Hardin
On Mon, 11 Sep 2006, David Baron wrote: On Monday 11 September 2006 18:12, John D. Hardin wrote: Maybe we need a base rule for URL links directly to executable content... <a href="http://www.canaltv.org/postcard.gif.exe">http://www.e-cards.com/view/CR3090Ztyw5g527673XzW</a> Any virus

RE: postcard exploit email

2006-09-11 Thread Sietse van Zanen
URL's contained within e-mails? -Sietse From: John D. Hardin Sent: Mon 11-Sep-06 18:15 To: David Baron Cc: users@spamassassin.apache.org Subject: Re: postcard exploit email On Mon, 11 Sep 2006, David Baron wrote: On Monday 11 September 2006 18:12, John D. Hardin wrote: Maybe we need a base rule

Re: postcard exploit email

2006-09-11 Thread Kelson
Sietse van Zanen wrote: And correct me if I'm wrong, but isn't ClamAV able to recursively scan URL's contained within e-mails? Yes, with the MailFollowURLs option. Thankfully, it's disabled by default. Aside from increasing bandwidth use, exposing the virus checker to potential DOS

Re: postcard exploit email

2006-09-11 Thread David B Funk
On Mon, 11 Sep 2006, John D. Hardin wrote: Maybe we need a base rule for URL links directly to executable content... <a href="http://www.canaltv.org/postcard.gif.exe">http://www.e-cards.com/view/CR3090Ztyw5g527673XzW</a> You mean like: uri __L_AUNT_EDNA1

Re: postcard exploit email

2006-09-11 Thread Benny Pedersen
On Mon, September 11, 2006 18:15, John D. Hardin wrote: Probably not, as you'd have to visit the link to get something for the virus checker to check. On the server side, it'd have to follow the link to download the executable to scan, and I *really* doubt anyone would want their mail

Re: postcard exploit email

2006-09-11 Thread hamann . w
On Mon, September 11, 2006 18:15, John D. Hardin wrote: Probably not, as you'd have to visit the link to get something for the virus checker to check. On the server side, it'd have to follow the link to download the executable to scan, and I *really* doubt anyone would want their mail

Re: postcard exploit email

2006-09-11 Thread Kenneth Porter
--On Monday, September 11, 2006 8:12 AM -0700 John D. Hardin [EMAIL PROTECTED] wrote: Maybe we need a base rule for URL links directly to executable content... MIMEDefang rejects content with executable extensions. The list of extensions is configurable. (.com is a pain because it also

Re: postcard exploit email

2006-09-11 Thread Kelson
Kenneth Porter wrote: --On Monday, September 11, 2006 8:12 AM -0700 John D. Hardin [EMAIL PROTECTED] wrote: Maybe we need a base rule for URL links directly to executable content... MIMEDefang rejects content with executable extensions. The list of extensions is configurable. (.com is a

Re: postcard exploit email

2006-09-11 Thread John D. Hardin
On Mon, 11 Sep 2006, Kelson wrote: In fact, if you're retrieving content over the web, the link doesn't even have to tell you the double extension. The link could be to a redirect script, or to a download script that provides a content-disposition header:

Re: postcard exploit email

2006-09-11 Thread jdow
Maybe you need ClamAssassin? ClamAv is an anti-virus program. SpamAssassin is an anti-spam program. Use the anti-virus program for anti-virus activity. And with ClamAssassin you can do that from within SpamAssassin and give the ClamAv hit a killer score. Or you could have procmail or equivalent

Re: postcard exploit email

2006-09-11 Thread John D. Hardin
On Mon, 11 Sep 2006, jdow wrote: Maybe you need ClamAssassin? ClamAv is an anti-virus program. SpamAssassin is an anti-spam program. Point taken. - Original Message - From: John D. Hardin [EMAIL PROTECTED] Maybe we need a base rule for URL links directly to executable

Re: postcard exploit email

2006-09-11 Thread Raul Dias
On Mon, 2006-09-11 at 19:13 +, [EMAIL PROTECTED] wrote: Hi, possible problem: if the server actually runs windows, the link could be some kind of cgi rather than an executable Just for the record, this kind of email is really common in pt_BR. It is really common to link to a php page.

Re: postcard exploit email

2006-09-11 Thread Logan Shaw
On Mon, 11 Sep 2006, Raul Dias wrote: Card or some service from company FooBar which has domain FooBar.com, the link is something like: http://www.foobar.somehost.com/view_yourcard_online.php Somehost.com is something really short, some times www.foobar.com.b.fm . A way to fight this would