Re: SoBig.F strange problem

["Scott M. Algatt" <salgatt () turtleshell net>]

The infected site could have a content filter on their end that strips
.pif attachments.  We have this running at one of our locations only we
have the mail server send a courtesy message on the E-mail saying that
here is your E-mail but the attachment was removed because blah blah.

Of course with this recent virus we started simply dropping these messages
so that we don't have our users mailbombed.


Regards,

Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.

On Wed, 20 Aug 2003, Jeremiah Cornelius wrote:

> > > We've noticed a few problems with it as well.  We've received a few e-
> > > mails with one of the typical Sobig subject lines, only no
> > > attachment.  The attachment headers are in the e-mail, so our MUA
> > > thinks there is an attachment, but there is just no "body" to the
> > > attachment.
> > >
> > > Either there are a few broken variants out there sending out e-mail
> > > without the payload, or something in-between us and the sender is
> > > stripping out the attachment.  It isn't our AV system, since it would
> > > quarantine the entire message.
> > >
> > > Has anyone else experienced this?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html