[Dshield] How Nimda writer sent it?

Coxe, John B. JOHN.B.COXE at saic.com
Thu Mar 6 21:29:04 GMT 2003

These demonstrate how poorly Antigen filters mail.  It matched on the text
(Content-Type line) outside the context of a MIME header in my reply to the
Dshield posting.  There are design deficiencies that are exposed in many
"respectable" vendors' products similarly.  I mean, geez, this is just a
simple content filter, hardly cutting edge.  Imagine a huge company like
Disney depending on such crap.

-----Original Message-----
From: ANTIGEN_SJMEMEXC1 [mailto:ANTIGEN_SJMEMEXC1 at stjude.org]
Sent: Thursday, March 06, 2003 12:29 PM
To: 'JOHN.B.COXE at saic.com'
Subject: Antigen found VIRUS= HTML/MIME_Exploi (Norman) virus

Antigen for Exchange found Unknown infected with VIRUS= HTML/MIME_Exploi
(Norman) virus.
The file is currently Removed.  The message, "RE: [Dshield] How Nimda writer
sent it?", was
sent from Coxe, John B.  and was discovered in IMC Queues\Inbound

-----Original Message-----
From: Antigen at email.disney.com [mailto:Antigen at email.disney.com]
Sent: Thursday, March 06, 2003 12:34 PM
To: JOHN.B.COXE at saic.com
Subject: Disney's Exchange Anti-Virus software found VIRUS=
HTML/MIME_Exploi (Norman) virus

**** WARNING **** WARNING **** WARNING **** WARNING **** 

A virus was detected in this message and the part(s) of the message that
were infected have been deleted.

Please do not send any more messages until the virus infection has been
removed from your PC.
Contact your computer help desk IMMEDIATELY to learn what you need to do

The virus name was VIRUS= HTML/MIME_Exploi (Norman)

The message information follows:
SUBJECT: RE: [Dshield] How Nimda writer sent it?
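
The false positive described in the post above, as an added example that is not part of the original message and is not Antigen's or Norman's actual logic: a context-free pattern match fires on a header line quoted in a plain-text body, while a scan that parses the MIME structure only looks at real part headers. The signature (an audio/x-wav part with an executable file name) and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed stand-in for a vendor signature (assumption, not a real rule).
SIG_TEXT = re.compile(r"content-type:\s*audio/x-wav", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")

def naive_scan(raw: str) -> bool:
    """Context-free match anywhere in the raw message, headers or body."""
    return bool(SIG_TEXT.search(raw))

def mime_aware_scan(raw: str) -> bool:
    """Match only genuine MIME part headers, and require an executable name."""
    msg = message_from_string(raw)
    for part in msg.walk():
        # get_filename() falls back to the Content-Type name= parameter.
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "audio/x-wav" and name.endswith(EXEC_EXT):
            return True
    return False

# Constructed sample 1: a plain-text list reply that merely quotes a header.
REPLY = """\
From: analyst@example.org
Subject: RE: header discussion
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

The attachment part carried this header:
> Content-Type: audio/x-wav; name="readme.exe"
"""

# Constructed sample 2: the header appears on a real MIME part (dummy payload).
SUSPECT = """\
From: sender@example.org
Subject: sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("reply", REPLY), ("suspect", SUSPECT)):
        print(label, "naive:", naive_scan(raw), "mime-aware:", mime_aware_scan(raw))
```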
