Re: [exim] Word-Virus - Filename not detected

Startseite
Diese Nachricht ist Teil des folgenden Threads:
M\Der komplette Thread sortiert nach Datum
MMCyborg am <-
Jeremy Harris am ->
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: Exim-users
Betreff: Re: [exim] Word-Virus - Filename not detected
Am 09.11.2017 um 16:08 schrieb Cyborg:
> Hi,
>
> this is part of a virus email :
>
>
> --------------439767554304687794273679
> Content-Type: application/msword;
> name="ARY7411 - 08.11.2017.doc"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="ARY7411 - 08.11.2017.doc"
>
> UEsDBBQABgAIAAAAIQBw5s8ffAEAAOYFAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIo
> oAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> .....
>
> Its the only part, where a filename is given.
>
> But "$mime_filename" stays empty, so the filename can't get detected
> inside exims filter
>
>

Case closed:

The email mime-header Content-Type: in the real header, was tampered
with, so exim
did see what it was: a message without a mimepart. Therefor it never
decoded the attachment
and never stumpled over the filename to block.

Exim did not make a mistake here, and any other processing client like
outlook, who assembles the mail as having an attachment
makes an error (which the enduser will regret in this case, as it
contains a DOC Dropper virus )


best bregards,
Marius

Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
Exim-users
Mailing-List-Info | Nachrichten um die Zeit		<-Re: [exim] Exim and MySQL with UTF-8 encodingRe: [exim] Word-Virus - Filename not detected->
Tahini and Hummus and Cumin Development Archives administriert von cumin AdminsLurker (Version 2.3)