On Wed, 11 Sep 2002, Gordon Smith wrote:
Depending on the virus scanner software you use, it's not hard to write a regex to match on signatures returned from the scanning engine, and drop inappropriate messages e.g. forged headers - match Klez. It was either a Hybris variant or an earlier Klez version, can't remember which, that would grab a document off the user's PC, attach itself, and send it.
This has very real security implications for the infected user.
Well I have people forward viruses to me all the time. Lots of "your customer sent me this virus". They seem to get pissed off when they get a message back saying our anti-virus has stripped the virus out. I would hate to see how grumpy they would be if it dropped the message completely because it contained the KLEZ virus and the anti-virus software assumed it "must" have been sent by the KLEZ virus itself with a forged "From: " address.

--
Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz
Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz
ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
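The policy debated in this thread, as an added example that is not code from either poster: drop silently only when every scanner hit is a From:-forging worm attached directly, and fall back to strip-and-notify when the sample sits inside a forwarded message. The scanner stub, the regex, the action names and the use of a `message/rfc822` wrapper as the sign of a human forward are all assumptions; an inline forward would not be recognised by this check.

```python
import re
from email.message import EmailMessage

# Assumed pattern: verdict names of worms known to forge the From: header.
FORGING_WORMS = re.compile(r"\b(klez|hybris)\b", re.IGNORECASE)

def fake_scan(data):
    """Hypothetical stand-in for a scanning engine: verdict name or None."""
    return "W32/Klez.h@MM" if b"CONSTRUCTED-KLEZ-MARKER" in data else None

def infected_parts(part, scan, forwarded=False):
    """Yield (verdict, forwarded) for every leaf part the scanner flags."""
    if part.is_multipart():
        inside = forwarded or part.get_content_type() == "message/rfc822"
        for sub in part.get_payload():
            yield from infected_parts(sub, scan, inside)
    else:
        verdict = scan(part.get_payload(decode=True) or b"")
        if verdict:
            yield verdict, forwarded

def decide(msg, scan=fake_scan):
    hits = list(infected_parts(msg, scan))
    if not hits:
        return "deliver"
    # Drop without notifying only when every hit is a forging worm attached
    # directly; a sample inside a forwarded message was sent by a person.
    if all(FORGING_WORMS.search(v) and not fwd for v, fwd in hits):
        return "drop_silently"
    return "strip_and_notify"

def worm_mail(sender="forged@example.com"):
    """Constructed sample: a message as the worm itself would send it."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "victim@example.com", "hello"
    m.set_content("see attachment")
    m.add_attachment(b"MZ CONSTRUCTED-KLEZ-MARKER", maintype="application",
                     subtype="octet-stream", filename="doc.exe")
    return m

def forwarded_report():
    """Constructed sample: a person forwarding the infected mail as an attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "user@example.com", "postmaster@example.net"
    m["Subject"] = "your customer sent me this virus"
    m.set_content("Please deal with this.")
    m.add_attachment(worm_mail())
    return m
```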