Full Disclosure mailing list archives

Re: E-Mail viruses
From: starwars <nobody () tatooine homelinux net>
Date: Sat, 6 Mar 2004 01:47:13 +0100 (CET)

Curt Purdy wrote:
> Valdis.Kletnieks wrote:
>
>> So let's see.. the same bozos who read the text part of the
>> virus, get the password, and use that to unzip the rest of the
>> virus won't read the text part, get the rename to do,
>>
>> Color me dubious....
>
> Methinks you misunderstand.  Only the proprietary extension, i.e. .inc or
> .xyz or .whatever, would be allowed through, and since virus writers would
> never use this extension, it would eliminate ALL viruses at the gateway.
> The nice thing about this approach is that it completely eliminates the need
> for any anti-virus on the mail server since all virus attachments are
> automatically dropped without the need for scanning.  Quite a simple, yet
> elegant solution, if I do say so myself.

Elegant, indeed. Have an MCSE on that.
I wonder why virus writers didn't think of that yet.


Dear Microsoft Windows User,

[insert usual "install this patch immediately" here]

For security reasons, the upgrade installer has been renamed to update.eex 
and cannot be executed directly. [insert "this tremendously elegant 
solution keeps you safe from viruses, because..." here].

To install this critical service pack, save the attachment to disk, rename 
it to update.exe and double-click it.

Thanks for your attention, etc. pp.

[attach your favourite update.eex]


Thank you for this inspiration.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
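
An added example, not part of the original post or the thread: a gateway-side check that compares the extension allow-list verdict discussed above with what the attachment's leading bytes say it is. The `.eex` allow-list entry, the function names and the sample message are assumptions constructed for illustration.

```python
# Added example (not from the thread): judge attachments by content, not by name.
from email import message_from_bytes
from email.message import EmailMessage

# Leading magic bytes of formats a gateway may want to flag whatever the name says.
MAGIC = {
    b"MZ": "windows-executable",   # DOS/PE header
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-archive",
}

def sniff(payload: bytes) -> str:
    """Classify a payload by its first bytes."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def audit(raw: bytes, allowed_ext=(".eex",)):
    """Return (filename, extension-only verdict, content kind) per attachment.
    allowed_ext is an assumed 'proprietary extension' allow-list."""
    results = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        ext_ok = name.lower().endswith(tuple(allowed_ext))
        results.append((name, "pass" if ext_ok else "drop", sniff(payload)))
    return results

def build_sample() -> bytes:
    # Constructed sample: the first attachment only begins with the 'MZ' magic
    # bytes followed by zero padding; it is not a working program.
    m = EmailMessage()
    m["Subject"] = "constructed test message"
    m.set_content("Rename the attachment to update.exe")
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                     subtype="octet-stream", filename="update.eex")
    m.add_attachment(b"quarterly notes\n", maintype="application",
                     subtype="octet-stream", filename="notes.eex")
    return m.as_bytes()

if __name__ == "__main__":
    for row in audit(build_sample()):
        print(row)
```

Both attachments pass the extension-only rule, while the content check still identifies the first one as an executable image, which is why the rename trick in the reply defeats a filter that looks only at the file name.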
