Hi list,

According to a mail in bugtraq, a new prob comes up 4 me:
I was messing around with this kind of stuff a while back. There are a lot of ways you can get past mail filtering systems, because most of them won't emulate the exact behaviour of the e-mail clients, especially if you have multiple clients. Anyway, one of the most effective methods against Outlook/Outlook Express is to just name the file
eviltrojan."e"x"e
Outlook/OE will just take the quotes out of the filename before it's run. I tested this on a couple of mail filtering systems, and it will let the file through.
For some customers I use the [body|header]_checks of Postfix's filter system to reject mail with executable file extensions, to prevent Windows mail client infections. But if the attachments come in masqueraded like this (I think other forms are possible too), they will go through. Is there any possibility to check the attachments with the file command, or is there a more flexible regular expression out there?

Thanx in advance.

Michael
Hi,

I don't know exactly what kind of filter is used in Postfix. But if you need a regexp that matches all file names ending in something including e, x and e in that order, I think "\..*e.*x.*e$" should work.

Greetings,
Stefan Nauber

Cs2 Informatik GmbH & Co. KG
- Niederlassung West -
Kurfürstenanlage 3
69115 Heidelberg
Germany
Tel.: +49 (6221) 6041-0
Fax : +49 (6221) 6041-50
Email: mailto:stefan.nauber@cs2-informatik.de
Internet: http://www.cs2-informatik.de
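An added example, not code from either poster: it compares a plain extension check, the regexp suggested above, and a check that first removes the quotes the way the quoted bugtraq mail says Outlook/OE does. The `BLOCKED` list, the function names and the sample filenames are assumptions constructed for illustration.

```python
import re

# Extensions to reject; constructed list for this example.
BLOCKED = {"exe", "com", "scr", "pif", "bat"}

NAIVE = re.compile(r"\.exe$", re.I)        # plain extension check
LOOSE = re.compile(r"\..*e.*x.*e$", re.I)  # regexp suggested in the thread


def client_view(name):
    """Filename as the thread says Outlook/OE treats it: quotes removed."""
    return name.replace('"', "").strip()


def blocked(name):
    """Decide on the extension of the normalized name, not the raw one."""
    cleaned = client_view(name)
    ext = cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""
    return ext in BLOCKED


def compare(names):
    """Map each name to (naive hit, loose hit, normalized check hit)."""
    return {
        n: (bool(NAIVE.search(n)), bool(LOOSE.search(n)), blocked(n))
        for n in names
    }


# Constructed sample filenames.
SAMPLES = [
    'eviltrojan."e"x"e',   # masqueraded name from the thread
    "setup.exe",
    "notes.txt",
    "report.excellence",   # harmless, but the loose regexp rejects it
    "summary.text.file",   # harmless, but the loose regexp rejects it
]

if __name__ == "__main__":
    for name, (naive, loose, norm) in compare(SAMPLES).items():
        print(f"{name:22} naive={naive!s:5} loose={loose!s:5} normalized={norm}")
```

The plain check misses the quoted name, the loose regexp catches it but also rejects harmless names, and normalizing before matching handles both cases for the quote trick described here.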
Participants (2): Michael Appeldorn, Stefan Nauber