Security Incidents mailing list archives

Re: recent sadmin worm


From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 15 May 2001 10:08:30 -0600 (MDT)

Yup.  Most mail antivirus setups will react to all kinds of stuff,
including keywords and file types.

If you want to avoid finding out who is running what virus gateway, put
the file in a password-protected .zip file.  You'll only get replies from
a handful of gateways that block .zips.  Include the password in the note.

The only downside here is that I believe this limits the people who can
open the file to Windows users, maybe Mac.

                                        Ryan

On Tue, 15 May 2001, Vitaly Osipov wrote:

phew, I got about 200 replies from antivirus programs about "virus contained
in a message". I wonder what's the use of marking this _perl_ script as a
virus - it is an exploit program, no more, no less... Looks like it's a
rather non-creative attempt by virus-scanner makers to stop some popular
exploits (or to have a reason to say that their signature base is very big

