What is this Eudora security hole attack?

Rick Cooper rcooper at DWFORD.COM
Wed Mar 3 15:48:21 GMT 2004 

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Craig Daters
> Sent: Wednesday, March 03, 2004 9:23 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: What is this Eudora security hole attack?
>
>
> I have a co-worker who is expecting some files via
> file attachment
> for a job she is working on. When her client sends
> them to her, the
> files are being stripped out and she is receiving 'Bad Content'
> removed messages from MailScanner.

If you click on an exe in Eudora it will pop up a box telling you
executing this file could be dangerous but, on some versions,
if you click on a shortcut (.lnk) to the same exe attachment it
will run it without warning. And shortcuts can be quite dangerous
because they execute another file such as, say format C: or the
shortcut
points to "c:\windows\commands\deltree.exe /Y c:\"
>
> The files that are being stripped out are *.lnk files. What are
> these? These should be MS Word or MS Publisher files.
> When I release
> these messages, they show up as folder shortcuts on a
> MS system, and
> useless files on a Macintosh. It is entirely possible
> that her client
> does not know how to send these files (though I may
> get the argument
> that 'they have always gotten files to us before and
> not had any
> problems'. You know what argument I'm talking about<grin>?)
>

She is sending a shortcut to the file, not the file it's self

> And while we're on the subject. Since I have installed
> MailScanner, I
> have noticed that a couple co-workers now have mail
> showing up that
> is split into multi-part messages. (ie. upwards of 16 different
> parts) What causes this to happen? The file
> attachments associated

I would look at the size of the attachments and the
tools->accounts-advanced
tab and see if it's set to breakup messages over xxx bytes (seems
like the
default is like 2mg)

> with these messages are typically un-usable, and the
> co-worker calls
> the client to figure something else out instead (like
> using the file
> transfer system we built into our website). And I
> notice that this is
> typically only MS stuff that I have problems with.
>
> Why does Microsoft have to suck so much? (That's a
> rhetorical question....)

There lucky they get through, I do not allow multi-part messages
because they cannot be scanned for viruses or content... bad
mojo.

> --
> --
>
> Craig Daters (craig at westpress.com)
> Systems Administrator
> West Press Printing
> 1663 West Grant Road
> Tucson, Arizona 85745-1433
>
> Tel: 520-624-4939
> Fax: 520-624-2715
>
> www.westpress.com
>
> --
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

More information about the MailScanner mailing list