procmail

Re: Outlook Exploit Filter?

2000-07-19 14:31:58
Great... they give us compilable code to use if we want to make a virus out
of this.

John, I thought that your filters checked for excessive header stuff. (?)

Anyway, something like this should do the trick, shouldn't it?

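# ==============

# Count the characters in the Date: header field. formail -X reads only
# the header, so "Date:" lines in the body are not counted.
DATEHEADERCOUNT=`formail -X Date: | wc -c`
# Leaves just "-" when the count is above 50 (50 - count is negative).
DATEHEADERFLAG=`expr 50 - $DATEHEADERCOUNT | sed 's/[0-9].*//'`

:0
* DATEHEADERFLAG ?? ^^-^^
/dev/null

# ==============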

Obviously, we'd want this to do some other action other than /dev/null,
but isn't this the general idea?  Is 50 characters in a Date: header
sufficient?

Thanks.

Lee Howard


At 03:10 PM 7/19/00 -0400, Jason Allen wrote:
Has anyone cooked-up a nice recipe to filter the new Outlook/Outlook Express
exploit?   If so, please post.

http://www.securityfocus.com/bid/1481

Thanks,

Jason Allen
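
Added example, not part of the original post: a shell version of the Date: length check discussed in the message above, which looks at the header only and joins folded continuation lines before comparing against the 50-character threshold. The function names and the sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample messages are constructed.

# Print the length (field name included) of the longest Date: field found
# in the header of the message on stdin. Body lines are never examined.
longest_date_field() {
    awk '
        function flush() { if (in_date && length(cur) > max) max = length(cur) }
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^$/ { exit }                      # first blank line ends the header
        /^[ \t]/ { if (in_date) cur = cur $0; next }   # folded continuation
        { flush(); in_date = 0 }           # a new field starts here
        tolower($0) ~ /^date:/ { in_date = 1; cur = $0 }
        END { flush(); print max + 0 }
    '
}

# Exit status 0 when a Date: field is longer than LIMIT characters
# (default 50, the threshold proposed in the post), 1 otherwise.
date_field_too_long() {
    limit=${1:-50}
    [ "$(longest_date_field)" -gt "$limit" ]
}

# Constructed sample: ordinary Date: field, plus a long "Date:" line in the body.
sample_normal() {
    printf '%s\n' 'From: a@example.com' \
        'Date: Wed, 19 Jul 2000 14:31:58 -0400' 'Subject: test' '' \
        'Date: a long line in the body, after the header, which is never counted'
}

# Constructed sample: Date: field folded onto a second line of 40 padding digits.
sample_long() {
    printf 'From: a@example.com\nDate: Wed, 19 Jul 2000 14:31:58\n %040d\nSubject: t\n\nbody\n' 0
}

for s in sample_normal sample_long; do
    if $s | date_field_too_long 50; then verdict=flag; else verdict=pass; fi
    echo "$s: $verdict"
done
```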


