Security Alert: ban very long filenames
Rose, Bobby
brose at MED.WAYNE.EDU
Thu Jan 30 15:35:49 GMT 2003
Is this the correct article? It sounds more like multiple extensions
and not long filenames.
-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Thursday, January 30, 2003 10:02 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Security Alert: ban very long filenames
There is a bug in some versions of some Microsoft e-mail packages that
is being actively exploited. MessageLabs claim to have stopped over
3,000 copies of it last weekend.
It relies on very long filenames, making it very easy to block.
I strongly advise you add a new rule to the top of your
filename.rules.conf file. The line should look like
deny .{150,} Possible OE attack Possible attack
against Microsoft e-mail packages
Remember to separate the 4 "fields" on this line with tab characters and
not just spaces.
You can read more about the attack at
http://www.messagelabs.com/viruseye/report.asp?id=130
This rule will be included in the next release of MailScanner, due out
at the end of this week (1st Feb).
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list