Posted on another list I belong to............... See Below. Regards from the "Keyboard Cowboy", Master NetLord ,,,,,,,, Ô¿Ô¬ Cincinnati, Ohio Scottsdale, Arizona «:»¤«:»¤¤¤«:»¤«:» Tuesday 07/30/2002 9:32:44 AM «:»¤«:»¤¤¤«:»¤«:» People are always blaming their circumstances for what they are. I don't believe in circumstances. The people who get on in this world are the people who get up and look for the circumstances they want, and, if they can't find them, make them. -- George Bernard Shaw +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ To: BugTraq Subject: One more way to bypass NAV Date: Mar 22 2002 10:24AM Author: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> Message-ID: <5087600242.20020322132442@xxxxxxxxxxxxxxxx> Dear BUGTRAQ@xxxxxxxxxxxxxxxxx, I've updated "Bypassing content filtering software" whitepaper http://www.security.nnov.ru/advisories/content.asp to include new way to bypass content filtering software. It confirmed to work with NAV and not to work with McAffee and KAV (AVP). Symantec was contected via support@xxxxxxxxxxxx and symsecurity@xxxxxxxxxxxx and didn't reply. 13.Case sensitivity of Content-Type and Content-Disposition Most MUAs ignore case of Content-Type and Content-Disposition headres while content filtering software may behave in different way. It makes it possible to bypass content- filtering software by using header like CONTENT-type: text/plain; NAme=\"eicar.com\" P.S. thanks to everyone on vuln-dev who participated in testing. -- http://www.security.nnov.ru /\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles) To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/