email vulnerability tests

Kevin Spicer kevins at BMRB.CO.UK
Fri Oct 24 23:41:30 IST 2003

On Fri, 2003-10-24 at 23:33, Peter Bonivart wrote:

>There's already a rule covering this in filename.rules.conf:

>deny    \s{10,}         Filename contains lots of white space

>I wonder why it didn't stop the "hide.hta (lots of space here) "?

Because its a subject not a filename.  The exploit appears to be that
certain mail clients give an attachment with no name the message subject
as a name, thus triggering the exploit.

BMRB International
+44 (0)20 8566 5000
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material.  If you have received this in error, please contact the
sender and delete this message immediately.  Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited.  BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our

More information about the MailScanner mailing list