RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix
- From: "John T \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 2 Jan 2006 10:12:29 -0800
OK
Although it may be considered to be proprietary, is there a signature that
could be incorporated into a body filter checking incoming e-mail?
John T
eServices For You
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Monday, January 02, 2006 9:15 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability
HotFix
>
> http://www.ISAserver.org
>
> That's David's point; they're using file signature checking; not SMTP
> headers.
> SMTP headers are just as easily spoofed as HTTP headers and therefore
> *not* to be trusted.
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, January 02, 2006 8:47 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability
> HotFix
>
> http://www.ISAserver.org
>
>
> David or any one, what is the line that would be seen in the body of an
> e-mail indicating that it is a wmf file time picture in the body of an
> e-mail?
>
>
>
> John T
>
> eServices For You
>
>
>
> -----Original Message-----
> From: David Farinic [mailto:davidfa@xxxxxxx]
> Sent: Monday, January 02, 2006 7:03 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability
> HotFix
>
>
>
> http://www.ISAserver.org
>
> For WebMon3 users:
>
>
>
> As there are more than 50 variants of this exploit in wild, we added wmf
> real file-type signature checking so now you can block this filetype
> "whatever" extension content type it hides under.
>
> However you need to update to build 20060102 or later version:
>
> ftp://ftp.gfisoftware.com/temp/Netmon/del/20060102/webmonitor3.exe
>
> Handle with care as this version is currently under testing and once
> proves bug free we will replace version of WM3 on our main site.
>
>
>
> With Kind Regards DavidFA.
>
>
>
> P.S: Please trust info/email like this (about WM3 updates) only if they
> point to *.gfisoftware.com or *.gfi.com domains for updates.
>
>
>
>
>
> ________________________________
>
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, January 02, 2006 3:31 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] FYI: Hex blog: Windows WMF Metafile Vulnerability
> HotFix
>
>
>
> http://www.ISAserver.org
>
>
>
> Hex blog: Windows WMF Metafile Vulnerability HotFix:
> http://www.hexblog.com/2005/12/wmf_vuln.html
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> davidf@xxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> This mail was checked for viruses by GFI MailSecurity. GFI also develops
> anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker),
> and network security and management software (GFI LANguard) -
> www.gfi.com
>
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
