FW: Sircam infects the Feds

Nexus nexus at patrol.i-way.co.uk
Sat, 28 Jul 2001 02:07:12 +0100


Personally, I think that both issues are as a result of the human factor -
the first for being the twit that ran an attachment without checking it
first and the second for the AV developers making the false assumption that
worms containing their own SMTP client would obey RFC and construct correct
MIME headers - like duuuuhhhhhhhhh..... OK Fred !   Email gateways using AV
software should have the ethos of "if in doubt, quarantine the little
bleeder" - hence the other current fave of sending that little 42.zip file
that kills certain AV/content filtering email gateways ;-)
(42.zip is a specially constructed zip file that is 42K in size, but when
fully expanded ends up at about 4Gb)
Since I'm rapidly drifting off of the list mandate, I'll stop there..

Cheers,
            JJ

----- Original Message -----
From: "T Bruce Tober" <octobersdad@reporters.net>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Friday, July 27, 2001 11:14 PM
Subject: Re: FW: Sircam infects the Feds
[snip]

> OTOH, AV software isn't perfect:
[snip]
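
The "if in doubt, quarantine" gateway policy from the message above, applied to zip attachments, as an added example that is not part of the original post. The limits, suffix list and function names are assumptions chosen for illustration, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed policy limits for this illustration, not values from the post.
MAX_TOTAL_BYTES = 100 * 1024 * 1024   # sum of declared uncompressed sizes
MAX_RATIO = 100                       # uncompressed:compressed per member
MAX_MEMBERS = 1000
ARCHIVE_SUFFIXES = (".zip", ".gz", ".bz2", ".tar", ".tgz", ".rar")

def triage_zip(data):
    """Return (verdict, reason) from archive metadata only; nothing is extracted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except (zipfile.BadZipFile, ValueError, NotImplementedError) as exc:
        # Anything the parser cannot make sense of is held, not passed through.
        return "quarantine", f"unparseable archive: {exc}"
    if len(members) > MAX_MEMBERS:
        return "quarantine", f"{len(members)} members exceeds limit"
    total = 0
    for m in members:
        if m.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
            return "quarantine", f"{m.filename}: encrypted, cannot be scanned"
        if m.filename.lower().endswith(ARCHIVE_SUFFIXES):
            return "quarantine", f"{m.filename}: nested archive"
        ratio = m.file_size / max(m.compress_size, 1)
        if ratio > MAX_RATIO:
            return "quarantine", f"{m.filename}: ratio {ratio:.0f}:1"
        total += m.file_size
        if total > MAX_TOTAL_BYTES:
            return "quarantine", f"declared size {total} bytes exceeds limit"
    return "deliver", "within limits"

def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "plain note": make_zip("note.txt", b"Quarterly figures attached.\n"),
        "5 MB of zero bytes": make_zip("pad.bin", b"\0" * 5_000_000),
        "zip inside zip": make_zip("inner.zip", make_zip("a.txt", b"x")),
        "not a zip at all": b"Content-Type: application/zip\r\n\r\njunk",
    }
    for label, blob in samples.items():
        print(f"{label:20} {len(blob):>7} bytes ->", *triage_zip(blob))
```

The sizes checked here are the ones the archive declares about itself, so a scanner that goes on to extract members should also cap the bytes it actually writes.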