Security Incidents mailing list archives
Re: MIME type of readme.eml (was Re: Web site infected by Nimda
From: "Nick FitzGerald" <nick () virus-l demon co uk>
Date: Thu, 20 Sep 2001 12:56:08 +1200
Rob Quinn <rquinn () sec sprint net> wrote:
Interestingly, the content type from www.wininternals.com (aka 207.30.43.69, aka underconstruction.infoback.net) is application/octet-stream. The content type on www.digimind.fr is correct at "message/rfc822."Anyone have a breakdown on the MIME types they are seeing _IN HTTP_?
Nope -- not been looking...
It's been too long since I installed a web server - am I remembering correctly that the MIME type is set by a web server config file, and not the HTTP in the web page itself?
However, I can answer this. The web server sets the type that is reported in the HTTP transfer conversation. That is, the "Content-Type: text/html" or whatever is done by the server. I wouldn't count on IE to "respect" that though -- for example, it is well-known that IE will scan the first few hundred bytes of GIFs and JPGs for HTML tags despite the files being specified by the server with the correct image types. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda - collected information Berislav Kucan (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- RE: Web site infected by Nimda Ken Pfeil (Sep 19)
- RE: Web site infected by Nimda John Q. Public (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Nick FitzGerald (Sep 19)
- Re: MIME type of readme.eml (was Re: Web site infected by Nimda Rob Quinn (Sep 20)
- RE: Web site infected by Nimda Jac Engel (Sep 19)
- Web site infected by Nimda acz [iSecureLabs] (Sep 19)