From owner-freebsd-security Tue Nov 27 11:14: 9 2001 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id ED2BC37B417 for ; Tue, 27 Nov 2001 11:14:05 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA05785; Tue, 27 Nov 2001 12:13:48 -0700 (MST) Message-Id: <4.3.2.7.2.20011127121153.056cdd10@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 27 Nov 2001 12:13:00 -0700 To: Adam Laurie , security@FreeBSD.ORG From: Brett Glass Subject: Re: some shit to see Cc: "Michael M. Butler" In-Reply-To: <3C03E456.6BD7FB3E@algroup.co.uk> References: <200111230926.fAN9Qw630403@peony.ezo.net> <3BFF9D53.CBB692E2@comp-lib.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 12:07 PM 11/27/2001, Adam Laurie wrote: >unfortunately it seems a little more intelligent than a turkey as it can >bypass some security scanners such qmail-scanner >(http://qmail-scanner.sourceforge.net/) - i guess there's a bug relating >to the mime type, since we have this rule: > > .exe 0 Executable attachment (not allowed) > >which should block all .exe attachments, but this one gets through... i >will forward this to the qmail list as well instead of cross-posting, >but thought you might like to be aware in case your scanner is also at >risk... See the paper I presented at BSDCon (and then updated for OSCon 2001) for information on scanners that will catch it. http://www.brettglass.com/spam/paper.html --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message