Security Alert: ban very long filenames
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Jan 30 15:01:58 GMT 2003
There is a bug in some versions of some Microsoft e-mail packages that is
being actively exploited. MessageLabs claim to have stopped over 3,000
copies of it last weekend.
It relies on very long filenames, making it very easy to block.
I strongly advise you add a new rule to the top of your filename.rules.conf
file.
The line should look like
deny	.{150,}	Possible OE attack	Possible attack against Microsoft e-mail packages
Remember to separate the 4 "fields" on this line with tab characters and
not just spaces.
You can read more about the attack at
http://www.messagelabs.com/viruseye/report.asp?id=130
This rule will be included in the next release of MailScanner, due out at
the end of this week (1st Feb).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
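
A quick way to check the rule above before deploying it, as an added example that is not part of the original post or of MailScanner's own code: it parses a rule line, rejects one whose four fields are separated by spaces instead of tabs, and tests constructed filenames against the pattern. The names parse_rule and first_match are hypothetical, and treating a run of tabs as one separator and letting the first matching rule win are assumptions.

```python
import re
from typing import List, NamedTuple, Optional


class Rule(NamedTuple):
    action: str          # field 1, e.g. "deny"
    pattern: re.Pattern  # field 2, the filename regular expression
    log_text: str        # field 3
    user_text: str       # field 4


def parse_rule(line: str) -> Rule:
    """Parse one rule line; the four fields must be separated by tabs."""
    # Assumption: a run of consecutive tabs counts as a single separator.
    fields = [f for f in re.split(r"\t+", line.rstrip("\r\n")) if f]
    if len(fields) != 4:
        raise ValueError(
            f"expected 4 tab-separated fields, got {len(fields)}: {line!r}")
    action, regex, log_text, user_text = fields
    return Rule(action, re.compile(regex), log_text, user_text)


def first_match(filename: str, rules: List[Rule]) -> Optional[Rule]:
    """Return the first rule whose pattern matches the filename, else None."""
    # Assumption: rules are tried top to bottom and the first match wins.
    for rule in rules:
        if rule.pattern.search(filename):
            return rule
    return None


# The rule from the post, with real tab characters between the fields.
RULE_TABS = ("deny\t.{150,}\tPossible OE attack\t"
             "Possible attack against Microsoft e-mail packages")
# The same rule typed with spaces, the mistake the post warns about.
RULE_SPACES = RULE_TABS.replace("\t", "    ")

if __name__ == "__main__":
    rules = [parse_rule(RULE_TABS)]
    # Constructed sample filenames: 10, 149 and 150 characters long.
    for name in ("report.doc", "A" * 149, "A" * 146 + ".exe"):
        hit = first_match(name, rules)
        print(len(name), hit.action if hit else "no rule matched")
    try:
        parse_rule(RULE_SPACES)
    except ValueError as err:
        print("rejected:", err)
```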