This string appears as the first ten bytes of the first line of a BHX
file encoded in MIME (eg. as it appears in an email). So all BHX
files can be filtered by searching for that string.
I forward this info as I've seen some BHX files come in recently
attached to fake bounce messages, I presume its a virus of some kind
but I didn't bother to open one so I couldn't be sure ... of course
if you/your users have a use for BHX attachments, don't block them.
This technique is a variation of that used to block all EXEs, ZIPs
and WMFs previously detailed in this forum and also on the web at
various places, including here:
http://www.spampalforums.org/phpBB2/viewtopic.php?t=6286
Stu
---
Stuart Udall
stuart at (at) cyberdelix (dot) dot [email concealed] net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)
YmVnaW4gNj
This string appears as the first ten bytes of the first line of a BHX
file encoded in MIME (eg. as it appears in an email). So all BHX
files can be filtered by searching for that string.
I forward this info as I've seen some BHX files come in recently
attached to fake bounce messages, I presume its a virus of some kind
but I didn't bother to open one so I couldn't be sure ... of course
if you/your users have a use for BHX attachments, don't block them.
This technique is a variation of that used to block all EXEs, ZIPs
and WMFs previously detailed in this forum and also on the web at
various places, including here:
http://www.spampalforums.org/phpBB2/viewtopic.php?t=6286
Stu
---
Stuart Udall
stuart at (at) cyberdelix (dot) dot [email concealed] net - http://www.cyberdelix.net/
---
* Origin: lsi: revolution through evolution (192:168/0.2)
[ reply ]