RE: [Exim] the Klez virus

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Douglas Gray Stephens
Ημερομηνία:  
Προς: Sedat Yilmazer
Υ/ο: 'Brown', exim-users
Αντικείμενο: RE: [Exim] the Klez virus
Sedat,

At 13:11 (GMT+0300) on 10-May-2002, Sedat Yilmazer wrote:
>
> System_filter.exim has a bug. It only looks for file names WITHOUT a
> spave in it. If you send an "some virus file .exe" then }t passes
> through. I have changed the "......\\\\S+.... in the file name cheching
> with .....[^\n\r]+ and it seems to be working fine now...


I do not agree. Spaces in file names should be quoted (may that
should be a MUST in IETF language), e.g.
name="somthing with a space.txt"
the virus is not quoting the name, so using
name=somthing with a space.txt

As the message is part of a multipart related MIME message, the mail
client may not need to use the file name, and so this broken mime
header is not trapped.

Douglas.

>
> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
> Behalf Of Brown
> Sent: Friday, May 10, 2002 6:05 AM
> To: Exim List
> Subject: [Exim] the Klez virus
>
> This is a multi-part message in MIME format.
> --
> [ Picked text/plain from multipart/alternative ]
> Hi all,
>
> i'm having a bit of trouble filtering emails infected by the klez virus.
> I'm currently using system_filter.exim, which works well, but klez seems
> to be able to get through. Does anyone have any suggestions?
>
> Thanks
>
> Steven
> --
>
>
>
>
>


--

================================
Douglas GRAY STEPHENS
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================