Full Disclosure mailing list archives

Re: f-prot not catching mimail ?


From: psz () maths usyd edu au (Paul Szabo)
Date: Tue, 5 Aug 2003 07:35:35 +1000 (EST)

I cannot see anything "special" in the MIME structure of Mimail that would
cause f-prot to miss the ZIP attachment (or maybe it is the structure of
the ZIP that f-prot cannot unpack?).

I was told it's the encoding scheme in the .html file that's the problem.
Currently the scanner does not support that type of encoding.

It seems to me that the HTML contains the binary EXE without any encoding:

$ cat -v message.html | fold | head -5
MIME-Version: 1.0
Content-Location:File://foo.exe
Content-Transfer-Encoding: binary

MZM-^P^@^C^@^@^@^D^@^@^@M-^?M-^?^@^@M-8^@^@^@^@^@^@^@@^@^@^@^@^@^@^@^@^@^@^@^@^@

Regardless, f-prot should list the ZIP attachment, and the files contained
within the ZIP ...

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
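
Added example, not part of the original post or of any scanner's code: a defensive check that lists every member of a ZIP attachment and flags one whose MIME-style headers declare "Content-Transfer-Encoding: binary" and whose body is an unencoded executable, as in the cat -v output above. The function names and the sample archive are constructed for illustration, and the PE-signature test goes one step beyond the "MZ" bytes visible in the post.

```python
import io
import re
import struct
import zipfile

HEADER_END = re.compile(rb"\r?\n\r?\n")  # blank line that ends a header block

def parse_headers(blob):
    """Split a MIME-style header block from the body; returns (dict, body)."""
    m = HEADER_END.search(blob)
    if not m:
        return {}, blob
    headers = {}
    for line in re.split(rb"\r?\n", blob[:m.start()]):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, blob[m.end():]

def looks_like_pe(body):
    """True for an MZ stub whose e_lfanew field points at a PE signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def raw_exe_in_mime(blob):
    """Flag a part declared 'binary' whose body is an unencoded executable."""
    headers, body = parse_headers(blob)
    cte = headers.get("content-transfer-encoding", "").lower()
    return cte == "binary" and looks_like_pe(body)

def scan_zip(zip_bytes):
    """List every ZIP member and whether it carries a raw executable body."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(n, raw_exe_in_mime(zf.read(n))) for n in zf.namelist()]

def sample_zip():
    # Constructed sample: an inert 'MZ' + 'PE' signature stub, no real code.
    stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(0x3C)
    html = (b"MIME-Version: 1.0\r\nContent-Location:File://foo.exe\r\n"
            b"Content-Transfer-Encoding: binary\r\n\r\n" + stub)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message.html", html)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()
```

Calling scan_zip(sample_zip()) reports message.html as carrying a raw executable and readme.txt as clean.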

