anomy-list

Re: Bypassing SMTP Content Protection with Multi-Part Messages

From: 52249@xyz.molar.is
Date: Mon 16 Sep 2002 - 14:42:09 GMT


    On 13 Sep 2002, Jim Rosenberg wrote:

    > On Thu, 2002-09-12 at 16:59, Brian Schonecker wrote:
    > > I'm not so sure where to put the finger on this one. Since it's seven
    > > separate emails, there's no way for Anomy to determine that it's supposed to
    > > be one, big email. So Anomy surely isn't to blame.
    >
    > Sorry, but I disagree, *STRONGLY*.
    >
    > Most other MIME filter vendors do seem to be accepting the challenge of
    > dealing with this.
    >
    > If someone can send a .exe attachment which passes through Anomy
    > untouched and arrives in the mailbox of an Outlook Express user intact
    > and double-clickable, then Anomy has failed me.
    >
    > I don't know how other admins feel, but speaking for myself, I'd be
    > quite happy to see Anomy just defang
    >
    > Content-type: message/partial;
    >
    > This should be a fairly simple fix. In the whole time I've been using
    > Anomy I can count on the fingers of a couple of hands the number of
    > times I've needed to fish a legitimate executable out of quarantine for
    > someone; I'd be awfully surprised if legitimate cases of fragmented
    > executables start keeping me busy.
    >
    > If the fragment header is defanged, then on receipt it should simply
    > fail reassembly.
    So I am safe anyway?
    If the first part of the message does not pass through.

    Of course it might be prettier if the whole exe would be in
    the quarantine.
    >

    -- 
     BINGO: b to b Requirements
     --- Engelbert Gruber -------+
     SSG Fintl,Gruber,Lassnig   /
     A6410 Telfs Untermarkt 9  /
     Tel. ++43-5262-64727 ----+
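
The defanging of `Content-type: message/partial` discussed in this thread, sketched as an added example in Python; it is not part of the original messages and is not Anomy's own code. The replacement type `application/x-defanged-partial`, the function names and the sample fragment are assumptions made for illustration.

```python
from email.parser import HeaderParser

DEFANGED_TYPE = "application/x-defanged-partial"  # hypothetical marker type

# Constructed sample: fragment 2 of 7, with a folded, mixed-case header.
SAMPLE_FRAGMENT = (
    "From: sender@example.com\n"
    "To: user@example.com\n"
    "Subject: report\n"
    "MIME-Version: 1.0\n"
    "Content-type: Message/Partial;\n"
    '\tid="frag-1@example.com"; number=2; total=7\n'
    "\n"
    "(constructed fragment body)\n"
)


def defang_partial(raw):
    """Return (message_text, fragment_info); fragment_info is None
    when the message is not a message/partial fragment."""
    # Headers only: the body stays an opaque string and is never parsed.
    msg = HeaderParser().parsestr(raw)
    if msg.get_content_type() != "message/partial":
        return raw, None
    # Record the reassembly parameters before rewriting the header.
    info = {k: msg.get_param(k) for k in ("id", "number", "total")}
    # Swap only the type; keep the parameters for the administrator.
    _, sep, params = msg["Content-Type"].partition(";")
    msg.replace_header("Content-Type", DEFANGED_TYPE + sep + params)
    return msg.as_string(), info


def scan(messages):
    """Defang every fragment and index fragment numbers by id, so all
    pieces of one split message can be quarantined together."""
    cleaned, by_id = [], {}
    for raw in messages:
        text, info = defang_partial(raw)
        cleaned.append(text)
        if info is not None:
            by_id.setdefault(info["id"], []).append(info["number"])
    return cleaned, by_id


if __name__ == "__main__":
    cleaned, by_id = scan([SAMPLE_FRAGMENT])
    print(cleaned[0])
    print(by_id)
```

Because the rewritten header no longer says `message/partial`, a receiving client has nothing to reassemble, and the index returned by `scan` lets the filter hold all fragments sharing one `id`.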
    


