anomy-list

Bypassing SMTP Content Protection with Multi-Part Messages

From: 51336@xyz.molar.is
Date: Thu 12 Sep 2002 - 20:30:29 UTC

  • Next message: Brian Schonecker: "Re: Bypassing SMTP Content Protection with Multi-Part Messages"

    Has anyone seen the issues listed at:
    http://www.securiteam.com/securitynews/5YP0A0K8CM.html
    and
    http://www.theregister.co.uk/content/55/27095.html

    To summarise, messages can be fragemented using RFC 2046 message fragmentation, and while each part will not have enough
    information to be detected with a virus signature, the whole can still be
    dangerous.

    This looks like a real security threat to Outlook users.

    I am guessing that Anomy will not be able to reassemble these messages,
    but is there a good way to at least block partial MIME attachments?
    And, is this even something I would want to do?

      _______________________________________
     /\ \
    | |\ Robert C. Litman \
    | | | |
    \/__| http://www.rlitman.com |
        | ftp://ftp.rlitman.com |
      __| |
     /\ | Desk: (631) 501-2572 |
    | | | Fax: (631) 514-6626 |
    | |/ 51427@xyz.molar.is /
    \/_______________________________________/

    Attachments:
     + http://mailtools.anomy.net/archives/anomy-list//19/78/3d80f9a9/01.unnamed.html



    hosted by molar.is