Checking Suspected E-Mails

Rick Chadderdon mailscanner at yeticomputers.com
Mon Jun 19 17:20:57 IST 2006


It's not the html that's a problem there, it's the filename.  I can't
think of a legitimate reason that anyone would name their resume with a
CLSID string in the filename, at least not any reason that doesn't
assume some specialized, prearranged setup on the receiving end.  In any
case, the problem it described in more detail here:

http://secunia.com/advisories/10736/

I've found that it's best to request that resumes be sent in plain ASCII
text format.  It helps me learn whether candidates can A. Follow
directions.  (Many can't.  I still end up getting at least a quarter,
and sometimes more than half of all resumes sent to me in Word, Word
Perfect, HTML - you name it - formats.) B.  Create a compelling resume
without resorting to pretty tricks.

Rick

Kaplan, Andrew H. wrote:
>
> The report that I am seeing is the following:
>
>  
>
> MailScanner: Files containing  CLSID's are trying to hide their real
> type (TIBOR_BERNER{3EDC67F9-93A4-42C3-AEC1-502D90D9A895}.html)
>
>  
>
> If the resumes were sent as HTML files, it is possible they are
> innocuous. Still, it probably would be better to have the sender
> resend them in a format
>
> other than HTML. Your thoughts?
>
>  
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> *From:* mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of
> *Julian Field
> *Sent:* Monday, June 19, 2006 11:36 AM
> *To:* MailScanner discussion
> *Subject:* Re: Checking Suspected E-Mails
>
>  
>
> The useful information is in the Attachment-Warning.txt attachment
> that has been attached to his message, in replacement of the original
> file.
>
> Read *all* of it.
>
>  
>
> On 19 Jun 2006, at 16:26, Kaplan, Andrew H. wrote:
>
>
>
> Hi there --
>
>  
>
> One of users of our server received several e-mails indicating that a
> "Bad Filename was Detected". The e-mails in question
>
> were resumes that were sent to him from a recruiting company. The user
> has asked if there is a way to determine if the
>
> e-mails are truly suspect.
>
>  
>
> What would be the best way to determine this? Thanks.
>
> -- 
>
> MailScanner mailing list
>
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>  
>
> Before posting, read http://wiki.mailscanner.info/posting
>
>  
>
> Support MailScanner development - buy the book off the website! 
>
>  
>
> -- 
>
> Julian Field
>
> www.MailScanner.info
>
> Buy the MailScanner book at www.MailScanner.info/store
> <http://www.MailScanner.info/store>
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060619/c4c1e388/attachment.html


More information about the MailScanner mailing list