Vulnwatch mailing list archives
Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue
From: "http-equiv () excite com" <http-equiv () malware com>
Date: Sat, 8 Mar 2003 19:43:23 -0000
<!-- Step 2: Now create a text file that will be used to hold the MIME encoded attachment. Start notepad (or another text editor), and paste in: MIME-Version: 1.0 Content-Location:file:///executable.exe Content-Transfer-Encoding: base64 TVp0AQIAAAAgAAgA//8YAIAAAAAQAAIAHgAAAAEAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA --> That's a very interesting situation with content filters and anti- virus filters. How many others are affected one must wonder. Try the following as well, nothing more than pure binary: http://www.malware.com/bin.exe.zip MIME-Version: 1.0 Content-Location:File://foo.exe Content-Transfer-Encoding: binary MZD ! ÿÿu > û0jr y Lot more where that came from. End Call -- http://www.malware.com
Current thread:
- Re: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachme nt evasion issue http-equiv () excite com (Mar 08)