OK Although it may be considered to be proprietary, is there a signature that could be incorporated into a body filter checking incoming e-mail? John T eServices For You > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Monday, January 02, 2006 9:15 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability HotFix > > http://www.ISAserver.org > > That's David's point; they're using file signature checking; not SMTP > headers. > SMTP headers are just as easily spoofed as HTTP headers and therefore > *not* to be trusted. > -------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > -------------------------------------------- > > -----Original Message----- > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Monday, January 02, 2006 8:47 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability > HotFix > > http://www.ISAserver.org > > > David or any one, what is the line that would be seen in the body of an > e-mail indicating that it is a wmf file time picture in the body of an > e-mail? > > > > John T > > eServices For You > > > > -----Original Message----- > From: David Farinic [mailto:davidfa@xxxxxxx] > Sent: Monday, January 02, 2006 7:03 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: FYI: Hex blog: Windows WMF Metafile Vulnerability > HotFix > > > > http://www.ISAserver.org > > For WebMon3 users: > > > > As there are more than 50 variants of this exploit in wild, we added wmf > real file-type signature checking so now you can block this filetype > "whatever" extension content type it hides under. > > However you need to update to build 20060102 or later version: > > ftp://ftp.gfisoftware.com/temp/Netmon/del/20060102/webmonitor3.exe > > Handle with care as this version is currently under testing and once > proves bug free we will replace version of WM3 on our main site. > > > > With Kind Regards DavidFA. > > > > P.S: Please trust info/email like this (about WM3 updates) only if they > point to *.gfisoftware.com or *.gfi.com domains for updates. > > > > > > ________________________________ > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, January 02, 2006 3:31 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] FYI: Hex blog: Windows WMF Metafile Vulnerability > HotFix > > > > http://www.ISAserver.org > > > > Hex blog: Windows WMF Metafile Vulnerability HotFix: > http://www.hexblog.com/2005/12/wmf_vuln.html > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > davidf@xxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > This mail was checked for viruses by GFI MailSecurity. GFI also develops > anti-spam software (GFI MailEssentials), a fax server (GFI FAXmaker), > and network security and management software (GFI LANguard) - > www.gfi.com > > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx