Latest Bagle varient spreads in password protected rar files
John Rudd
jrudd at UCSC.EDU
Mon Mar 15 21:14:29 GMT 2004
Victor DiMichina wrote:
>
> John Rudd wrote:
>
> >
> >
> >Are you blocking just .sit files, or also .sit.bin?
> >
> >
> I was just going to block .sit and .rar. Until a virus scanner can
> peek into those and clean them up, I don't want them around. Panda,
> F-secure, Norton, and Mailscanner all let them by.
>
> I'm not familiar with .sit.bin files. Are you blocking those?
>
>
Yeah, in light of your announcement, I decided to block .sit and .rar,
but then I remembered .sit.bin, which I think is a type of encoding of
.sit files (I think it's like the old unix "uuencode", where it takes
the binary .sit file and makes into a text file of some type ... not as
widely seen as before, because MIME does that for you, with base64 ...
but it's still a form of .sit file, in a way). So, I also added
.sit.bin files "just to be sure".
More information about the MailScanner
mailing list