Is MS vulnerable to this Unicode trick?
Beauchemin, Denis
Denis.Beauchemin at usherbrooke.ca
Fri May 13 18:40:23 IST 2011
Martin,
Not everybody is using “file”. I think those that don't use it are probably vulnerable.
Denis
________________________________________
Denis Beauchemin
Architecte Technologique - Section Infrastructure des serveurs
Service des technologies de l’information (S.T.I.)
Université de Sherbrooke
De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Martin Hepworth
Envoyé : 13 mai 2011 09:57
À : MailScanner discussion
Objet : Re: Is MS vulnerable to this Unicode trick?
names make no difference - 'file' (or varients) s used to check for executables not just based on name of file.
--
Martin Hepworth
Oxford, UK
2011/5/13 Beauchemin, Denis <Denis.Beauchemin at usherbrooke.ca>
I just read something that makes me wonder if MS can detect those Unicode names as executables?
http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole
We’ve been blocking EXE, BAT and many other executables for a long time with MS, just based on the file name. I didn’t want to use the file command because we encouraged people to rename offending attachments before sending them.
Should I start using the file command just to be on the safe side?
Thanks!
Denis
Denis Beauchemin
Architecte Technologique - Section Infrastructure des serveurs
Service des technologies de l’information (S.T.I.)
Université de Sherbrooke
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list