Date: Mon, 31 Mar 2003 14:06:09 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Mike Tancsa <mike@sentex.net>
Cc: freebsd-security@freebsd.org
Subject: Re: what was that?
Message-ID: <20030331200609.GB41695@madman.celabo.org>
In-Reply-To: <5.2.0.9.0.20030331143557.07ea0858@marble.sentex.ca>
References: <3E887850.7010100@drweb.ru> <3E887850.7010100@drweb.ru> <5.2.0.9.0.20030331143557.07ea0858@marble.sentex.ca>

On Mon, Mar 31, 2003 at 02:39:49PM -0500, Mike Tancsa wrote:
> Actually, will not some MS email clients (e.g. lookOUT) honor attachments
> that begin in the headers ? I recall a discussion similar to this on email
> AV scanner lists... Because MS would decode an attachment crammed in the
> subject line, this could be a way to bypass email scanners and cram viruses
> in the subject... Combined with the fact that there are many unpatched
> email clients out there, this would be a nice way to spread an email worm.
>
> Perhaps the MS client would try and decode an attachment in the messageID ?

That would explain why someone was sending such a Message-ID header,
and I guess I would not be surprised that some Microsoft MUA would do
something bone-headed like that.

Cheers,
--
Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se