Focus on Virus
blocking BHX files with MIME
May 16 2006 11:53AM
lsi (stuart cyberdelix net)
..is done by filtering for the following string:

YmVnaW4gNj

This string appears as the first ten bytes of the first line of a BHX
file encoded in MIME (e.g. as it appears in an email). So all BHX
files can be filtered by searching for that string.

I forward this info as I've seen some BHX files come in recently
attached to fake bounce messages, I presume it's a virus of some kind
but I didn't bother to open one so I couldn't be sure ... of course
if you/your users have a use for BHX attachments, don't block them.

This technique is a variation of that used to block all EXEs, ZIPs
and WMFs previously detailed in this forum and also on the web at
various places, including here:
http://www.spampalforums.org/phpBB2/viewtopic.php?t=6286

Stu

---
Stuart Udall
stuart at (at) cyberdelix (dot) dot [email concealed] net - http://www.cyberdelix.net/

---
* Origin: lsi: revolution through evolution (192:168/0.2)
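
The filter described in the post above, as an added example that is not part of the original message: it checks each base64-encoded MIME part for the string at the start of its encoded body, and also enumerates which plaintext the ten characters cover (they are the base64 form of the text "begin 6" plus the upper four bits of the byte that follows). The function names, file names and sample message are constructed for illustration.

```python
import base64
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SIGNATURE = "YmVnaW4gNj"  # the ten-character string given in the post


def matching_eighth_bytes():
    """Byte values that may follow b'begin 6' and still encode to SIGNATURE."""
    return [b for b in range(256)
            if base64.b64encode(b"begin 6" + bytes([b])).decode()[:10] == SIGNATURE]


def flagged_parts(raw_message):
    """Return the filenames of base64 parts whose encoded body starts with SIGNATURE."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte != "base64":
            continue
        encoded = part.get_payload().lstrip()  # still base64 text, not decoded
        if encoded.startswith(SIGNATURE):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def build_sample():
    """Constructed test message: one matching attachment, one that must not match."""
    msg = MIMEMultipart()
    msg["Subject"] = "constructed sample"
    msg.attach(MIMEText("see attachments"))
    for name, data in (("sample.bhx", b"begin 644 sample.dat\nconstructed body\n"),
                       ("notes.bin", b"plain notes, nothing special\n")):
        att = MIMEApplication(data)  # base64 transfer encoding by default
        att.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(att)
    return msg.as_string()


if __name__ == "__main__":
    print(flagged_parts(build_sample()))
    print([chr(b) for b in matching_eighth_bytes()])
```

Because only the upper four bits of the eighth byte are fixed, the string matches "begin 6" followed by any byte from 0x30 to 0x3F, which includes every digit, so any attachment whose content starts that way is caught regardless of its file name.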

Copyright 2010, SecurityFocus