From owner-freebsd-security  Tue Nov 27 11: 7: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from male.aldigital.co.uk (male.aldigital.co.uk [213.129.64.13])
	by hub.freebsd.org (Postfix) with ESMTP id D0FDF37B417
	for <security@FreeBSD.ORG>; Tue, 27 Nov 2001 11:07:03 -0800 (PST)
Received: from algroup.co.uk (sockittome.aldigital.co.uk [194.128.162.252])
	by male.aldigital.co.uk (Postfix) with ESMTP
	id CE37A6A1428; Tue, 27 Nov 2001 19:07:02 +0000 (GMT)
Message-ID: <3C03E456.6BD7FB3E@algroup.co.uk>
Date: Tue, 27 Nov 2001 19:07:02 +0000
From: Adam Laurie <adam@algroup.co.uk>
Organization: A.L. Group plc
X-Mailer: Mozilla 4.76 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Cc: "Michael M. Butler" <butler@comp-lib.org>
Subject: Re: some shit to see
References: <200111230926.fAN9Qw630403@peony.ezo.net> <3BFF9D53.CBB692E2@comp-lib.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Michael M. Butler" wrote:
> 
> Nuke this turkey, won't you? Thanks! :)
> 
> jflowers@ezo.net wrote:
> >
> > peace
> >
> >                    Name: whatever.exe
> >    whatever.exe    Type: WAV Audio (audio/x-wav)
> >                Encoding: base64

unfortunately it seems a little more intelligent than a turkey as it can
bypass some security scanners such qmail-scanner
(http://qmail-scanner.sourceforge.net/) - i guess there's a bug relating
to the mime type, since we have this rule:

  .exe                    0       Executable attachment (not allowed)

which should block all .exe attachments, but this one gets through... i
will forward this to the qmail list as well instead of cross-posting,
but thought you might like to be aware in case your scanner is also at
risk...

cheers,
Adam
-- 
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
The Stores                    http://www.thebunker.net
2 Bath Road                   http://www.aldigital.co.uk
London W4 1LT                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message