Dear BUGTRAQat_private,

I've updated the "Bypassing content filtering software" whitepaper

http://www.security.nnov.ru/advisories/content.asp

to include a new way to bypass content filtering software. It is confirmed to work with NAV and not to work with McAfee and KAV (AVP). Symantec was contacted via supportat_private and symsecurityat_private and didn't reply.

13. Case sensitivity of Content-Type and Content-Disposition

Most MUAs ignore the case of Content-Type and Content-Disposition headers, while content filtering software may behave in a different way. It makes it possible to bypass content-filtering software by using a header like

    CONTENT-type: text/plain; NAme="eicar.com"

P.S. Thanks to everyone on vuln-dev who participated in testing.

--
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 09:16:28 PST
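The mismatch described in item 13, seen from the filter's side, as an added example that is not part of the original post or the whitepaper: a case-sensitive header check misses the attachment name, while a check that compares header and parameter names case-insensitively (here via Python's standard `email` parser) recovers it. The sample message, the function names and the blocked-extension list are constructed assumptions.

```python
import email
from email.utils import collapse_rfc2231_value

# Constructed sample message carrying the header form quoted in the post.
SAMPLE = (
    "From: sender@example.com\r\n"
    "To: rcpt@example.com\r\n"
    "Subject: test\r\n"
    "MIME-Version: 1.0\r\n"
    'CONTENT-type: text/plain; NAme="eicar.com"\r\n'
    "\r\n"
    "constructed body\r\n"
)

# Assumed policy list for the example, not taken from any product.
BLOCKED_EXT = (".com", ".exe", ".scr", ".pif", ".bat")


def naive_attachment_names(raw):
    """Case-sensitive matching: the filter behaviour the post describes."""
    names = []
    for line in raw.split("\r\n"):
        if line == "":  # end of the header section
            break
        if line.startswith(("Content-Type:", "Content-Disposition:")):
            for param in line.split(";")[1:]:
                key, _, value = param.strip().partition("=")
                if key in ("name", "filename"):
                    names.append(value.strip('"'))
    return names


def normalized_attachment_names(raw):
    """Header and parameter names compared case-insensitively, as MUAs do."""
    msg = email.message_from_string(raw)
    names = []
    for part in msg.walk():
        for header, param in (("content-type", "name"),
                              ("content-disposition", "filename")):
            value = part.get_param(param, header=header)
            if value is not None:
                names.append(collapse_rfc2231_value(value))
    return names


def is_blocked(names):
    """Apply the extension policy to whatever names the parser recovered."""
    return any(n.lower().endswith(BLOCKED_EXT) for n in names)
```
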