Ryan Russell <ryanat_private> wrote: > Yup. Most mail antivirus setups will react to all kinds of stuff, > including keywords and file types. Yep, but note that often it is the "content management" wrapper, not the virus scanner per se that does the really silly stuff. For example, several gateways will bounce this message because of this line: CreateObject and will most likely tell me the message is being rejected because it contains "potentially dangerous VBS" or "VBS code commonly found in viruses". The slightly less braindead virus/content scanning gateways will, however, not be upset by that line, and might ordinarily be quite happy to let this message through. But we can easily pick a few more of them out with this line: CreateObject("Scripting.FileSystemObject") and a few may just need to see something like this: Set FSO = CreateObject("Scripting.FileSystemObject") before being upset enough with me to block the message. I'm sure the people that wrote and/or configured these systems think they are doing a really good job of securing their networks, but because of their stupidity they will be missing out on messages they should see, such as ones that mention these idiocies and point out how easily such filters are bypassed (as I did in a recent post to another Security Focus mailing list). > If you want to avoid finding out who is running what virus gateway, put > the file in a password-protected .zip file. You'll only get replies from > a handful of gateways that block .zips. Include the password in the note. > > The only downside here is that I believe this limits the people who can > open the file to Windows users, maybe Mac. InfoZip's unzip should handle password protected zip files on every platform it has been ported to... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 09:42:41 PDT