Sometime around Sat, 4 Nov 2006 15:17:22 +0000, it may be that Chris
Lightfoot wrote:
> GNU file(1) recognises PE
> executables OK (though a look at the magic file suggests
> that actually the way they do it would be easy to evade so
> better to write a little program to do it, I think; it's
> probably doable as a regex on the base64 version of the
> data).
You mean like
http://zonky.org/notes/exim-wexec-block.html ?
Not sure how effective it is because I don't use it on a high enough
volume server.
--
Mike Meredith, Senior Informatics Officer
University of Portsmouth: Hostmaster, Postmaster and Security
No security outfit ever went broke relying on the stupidity of users.