Security Basics mailing list archives

RE: Email Issues


From: LordInfidel () directionweb com
Date: Sun, 29 Feb 2004 09:39:22 -0500

If your vscan at the mail gateway is set to only scan above certain
file sizes, it will allow the file thru, regardless of whether the extension
is blocked.

To test it:
Let's say you're blocking all exes.
If you create a txt file, then rename it block.exe and send it
thru, it will probably slip thru.

Take that same text file, add 10 characters, and send it back thru as
an exe.  Again it will probably go thru.

But now populate it with several pages of garbage and send it
back thru, and it will probably get blocked.
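
The gateway behaviour described above, modelled as an added Python example (not part of the original post and not the code of MIMEsweeper or any other product): a size gate evaluated before the extension block lets small attachments through, while applying the extension policy to every attachment closes the gap. The 1024-byte threshold, the blocked-extension set, the function names and the sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".zip"}  # assumed policy, matching the thread
MIN_SCAN_BYTES = 1024                  # hypothetical "only scan above this size" setting

def build_mail(filename, payload):
    """Build a constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def attachments(raw):
    """Yield (filename, decoded size in bytes) for each attachment."""
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            yield name, len(part.get_payload(decode=True) or b"")

def is_blocked_ext(name):
    return os.path.splitext(name.strip().lower())[1] in BLOCKED_EXTENSIONS

def flawed_verdict(raw):
    """Size gate runs first, so small attachments skip every check."""
    for name, size in attachments(raw):
        if size < MIN_SCAN_BYTES:
            continue  # never reaches the extension rule
        if is_blocked_ext(name):
            return "block"
    return "deliver"

def hardened_verdict(raw):
    """Extension rule applies to every attachment, whatever its size."""
    for name, _size in attachments(raw):
        if is_blocked_ext(name):
            return "block"
    return "deliver"

# Constructed samples: a renamed text file, the same padded out, a 78-byte .zip
SMALL = build_mail("block.exe", b"hello world")
LARGE = build_mail("block.exe", b"x" * 4096)
TINY_ZIP = build_mail("doc.zip", b"\0" * 78)

if __name__ == "__main__":
    for label, raw in (("small", SMALL), ("large", LARGE), ("tiny zip", TINY_ZIP)):
        print(label, flawed_verdict(raw), hardened_verdict(raw))
```
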


-----Original Message-----
From: MARTIN M. Binoni [mailto:benoni_martin () hotmail com]
Sent: Friday, February 27, 2004 10:14 AM
To: dodiorne () newmarcorp com; security-basics () securityfocus com
Subject: RE: Email Issues


We are experiencing that as well in our company...but, I just delete them,
don't have time to check this out, and..it is well known that attached files
can be dangerous! :)


From: "Derek Odiorne" <dodiorne () newmarcorp com>
To: <security-basics () securityfocus com>
Subject: RE: Email Issues
Date: Thu, 26 Feb 2004 14:09:56 -0500

I am experiencing the same thing.  Upon opening the zip file there are
no files in it.

-----Original Message-----
From: sean.osullivan () ise ie [mailto:sean.osullivan () ise ie]
Sent: Thursday, February 26, 2004 4:51 AM
To: security-basics () securityfocus com
Subject: Email Issues

Hi All

Something weird has been happening the last three days. We have been
getting mails that look like the NetSky virus (same text and
attachments), to a certain mailbox, but the weird thing is that the
.zip attachment is 78 bytes, the actual virus .zip file is 22,016 bytes.
Another thing is our Mailsweeper is set to block all .zip files but
this one is getting through. I did a test and sent a mail with a normal
.zip attachment to this mailbox and it got blocked. Has anyone seen
this or have any ideas on what it's all about?

Thanks in advance.

Sean



