OT: (\x01)BOUNDARY_OUTLOOK Messages?
Julian Field
MailScanner at ecs.soton.ac.uk
Sat Mar 4 16:32:34 GMT 2006
James Gray wrote:
> On Sat, 4 Mar 2006 00:56, Joshua Hirsh wrote:
>
>> I've been seeing quite a few messages come through lately that only
>> contain the word BOUNDARY_OUTLOOK, with a single character at the start
>> of the word (\x01) (file picks it up as MIPSEL-BE MIPS-III ECOFF
>> executable not stripped, so they're blocked).
>>
>> Is this scrap from some type of broken virus?
>>
>> Google doesn't really offer up anything on this..
>>
>> -Joshua
>>
>
> Ditto here. Got a couple of them about a week ago, and a few more the other
> day. I've compared the binary between a few of the messages and it's been
> different each time. I also fired a (zipped) copy off to a friend who is a
> bit of a hardware hacker and couldn't find anything that even vaugley
> resembled assembly etc for any CPU's he's played with (which is many -
> embedded stuff up to Intel/Sparc/Motorola/AMD/etc).
>
> In short - they seem harmless. Usual disclaimers apply though.
>
I have seen this once myself too. I added a "COFF executable" "allow"
rule to filetype.rules.conf. Would people like me to add that to the
distribution? Real COFF executables are pretty harmless as far as I
know, but I'm sure someone will correct me. Does anyone use COFF any
more? Most systems now use ELF instead.
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list