Update: MS Battles Outlook Bug

I use inflex (http://www.spyda.co.za) to preprocess all incoming

mail before it even hits the corporate network. I stopped

the ILOVEYOU virus 30 minutes after we found out about it.

Ditto for the Amex confirmation thing. (we just stopped

all *.vbs attachments).

Inflex runs all attachments through a virus checker also.

And it's open source. (Hell, it's just a shell script!)

I added the following lines to inflex as soon as we found

out about the buffer overrun:

# check for long date field buffer overrun:

CC=`grep "^Date: " ${tmpdir}/receivedmail | head -1 | wc -c`

if [ $CC -gt 45 ] ; then

# carrying the outlook buffer overrun hack:

grep -n "" ${tmpdir}/receivedmail | head -20 | sed "s/:/: /" | mail -s "Outlook buffer overrun hack" $administrator

sed "s/^Date: .*$/Date: Invalid Date Format/" ${tmpdir}/receivedmail > ${tmp

dir}/date$$

cat ${tmpdir}/date$$ > ${tmpdir}/receivedmail

rm ${tmpdir}/date$$

fi

I think the lesson here is that preprocessing is the way

to handle all this stuff.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/62/2665#2665

Is the cure worse than the problem? 2000-07-20
Anonymous (2 replies)

Is the cure worse than the problem? 2000-07-21
Anonymous (1 replies)

Is the cure worse than the problem? 2000-07-21
Anonymous

Is the cure worse than the problem? 2000-07-21
Eric Andry <eric (at) wincom (dot) net [email concealed]> (1 replies)

Is the cure worse than the problem? 2000-07-24
Anonymous (1 replies)

Is the cure worse than the problem? 2000-08-01
Anonymous

I guess a good solution for MS is... 2000-07-20
Anonymous (2 replies)

I guess a good solution for MS is... 2000-07-21
Anonymous (1 replies)

I guess a good solution for MS is... 2000-07-21
Anonymous

I guess a good solution for MS is... 2000-07-24
Anonymous

Its so easy to use! 2000-07-21
Anonymous