[Dshield] forged Yahoo.com Mail Errors contain virus!

Wayne Jr wayne_jr at pacbell.net
Sun Jun 1 03:02:33 GMT 2003


    I just started using Benign on my private email...  It goes through the email and rewrites it somewhat
to try to eliminate dangerous things before my email program gets it.  I don't claim to understand
everything about this program, but it seems to work pretty nicely so far.
Wayne Jr.

http://www.firetrust.com/support/benign/faq/?PHPSESSID=f67f61e978cdf458ee1a2e328743339b
    Benign is a system for processing and filtering email as it is downloaded. The aim of the processing
and filtering operations is to remove a number of potential risks to the user's privacy and security,
including (but not limited to) web bugs, scripting viruses, worms, and trojans, and other potentially
malicious content.
    Benign is a program that is run on your own computer. By reconfiguring the email program to contact
Benign, instead of the remote server, when downloading messages, Benign can intercept and monitor the POP3
session while it is in progress.
    When the e-mail program attempts to download a message, Benign sends the command on to the remote mail
server, but intercepts the mail as it is sent back from the remote server, and processes and filters the
message before passing the filtered message on to the e-mail program.
    In this way Benign is able to perform the desired processing and filtering operations on incoming
e-mail regardless of the e-mail program software or POP3 server software.

John Hardin wrote:

> On Sat, 2003-05-31 at 12:38, James C. Slora Jr. wrote:
> >
> > **** Those whose users will not tolerate dropping HTM attachments need to
> > worry very much. Virus definitions have not helped me in a single case,
> > because the wave of infected messages is mostly over by the time the
> > definitions are released.
>
> I *believe* the procmail sanitizer successfuly defends against this
> attack, as it defangs active HTML content in emails. The SCRIPT tags get
> mangled.
>
> http://www.impsec.org/email-tools/procmail-security.html
>
> --
> John Hardin  KA7OHZ                           <johnh at aproposretail.com>
> Internal Systems Administrator                    voice: (425) 672-1304
> Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
> -----------------------------------------------------------------------
>   ...the Fates notice those who buy chainsaws...
>                                              -- www.darwinawards.com
> -----------------------------------------------------------------------
>  46 days until Apropos Forum 2003
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> ----------------------------------------------------
> This message has been processed by Firetrust Benign.




More information about the list mailing list