Re: Blocking .eml files
- From: "Shayne Lebrun" <slebrun@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 21 Sep 2001 13:02:27 -0400
Don't you think that this is mainly to protect people who read their
email in, say, a web browser, and would get infected by the javascript
doing it's thing when it's rendered?
In other words, sounds like foresight, not tight timeframe.
-----Original Message-----
From: Diane Poremsky [mailto:drcp@xxxxxxxxxxxx]
Sent: Friday, September 21, 2001 11:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Blocking .eml files
http://www.ISAserver.org
FWIW, it's not just scanmail. Antigen did the same thing and nearly
caused a flame war on another list - I would guess it's the same with
all the enterprise scanners.
It makes me wonder how tight it is - would a small change in the script
get past the scanners? :)
-----Original Message-----
I hope you read my previous post (included below), mystery
solved. ScanMail is rather cautious in its cleaning up of this virus. It
causes a false alert if the JavaScript from the web page part of the
infection is included in an email. The funny thing is I got this code
from the NT BUGTRAQ list which is co sponsored by Trend Micro.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
slebrun@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
