Hi list,

According to a mail in bugtraq, a new problem comes up for me:
I was messing around with this kind of stuff a while back. There are a lot of ways you can get past mail filtering systems, because most of them won't emulate the exact behaviour of the e-mail clients, especially if you have multiple clients. Anyway, one of the most effective methods against Outlook/Outlook Express is to just name the file
eviltrojan."e"x"e
Outlook/OE will just take the quotes out of the filename before it's run. I tested this on a couple of mail filtering systems, and it will let the file through.
For some customers I use the [body|header]_checks of Postfix's filter system to reject mail with executable file extensions, to prevent Windows mail client infections. But if the attachments come in masqueraded like this (I think other forms are possible too), they will go through. Is there any possibility to check the attachments with the file command, or is there a more flexible regular expression out there?

Thanks in advance.

Michael
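One way to close the gap described in this message, as an added example that is not part of the original post: a Python check, for a filter script that sees the whole message, which normalizes each declared attachment name before matching the extension and also inspects the first bytes of the decoded content. The extension list, the function names and the sample message are constructed for illustration; stripping trailing dots and spaces in addition to quotes is an assumption about how Windows handles filenames.

```python
import email
import re

# Extensions to refuse; constructed sample list, adjust to local policy.
BLOCKED_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}

def normalize_filename(name):
    """Drop quote/control characters and trailing dots or spaces, then lowercase."""
    return re.sub(r'["\'\x00-\x1f]', "", name).rstrip(". ").lower()

def blocked_attachments(raw_message):
    """Return (declared_name, reason) for each MIME part to reject."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        _, dot, ext = normalize_filename(name).rpartition(".")
        if dot and ext in BLOCKED_EXT:
            hits.append((name, "extension ." + ext))
        elif data[:2] == b"MZ":  # DOS/PE executable header, whatever the name says
            hits.append((name, "MZ header"))
    return hits

# Constructed sample: a quote-masked name, a renamed executable stub, a text file.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="eviltrojan.\\"e\\"x\\"e"

constructed placeholder body
--b1
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="holiday.jpg"

TVqQAAMAAAA=
--b1
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The content check covers what a filename pattern alone cannot: the second part is rejected even though its declared name carries a harmless extension.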