Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Where to get " code red worm source" ?

From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 30 Aug 2001 11:39:04 -0600 (MDT)
On Thu, 30 Aug 2001, Phil Wood wrote:


I've learned some things from this.  In particular, when I send something like
this again, it will be only readable on unix like systems, or systems with
openssl capability.  Another thing I learned is what kind of anti-virus
software I might want to buy.  No single AV application caught all 5 encapsulations that I sent.  But, some did get 4 
of the 5.  But, that's for a later
message.


The way we handle things like this on our lists is to have the poster put
the item into a password-protected .zip file.  Limits it to (mostly)
Windows users, but it's the most universal format we've found.  You put
the password in the body of the e-mail.  Scanners can't touch it that way.
You'll get a handful of bounces from gateways that refuse all attachments,
or attachments they can't scan.

                                        Ryan


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: