The enclosed email was posted in a security list. I wonder if it applies to IMail; couldn't find anything in the archives. Reprinted with permission of the author (Aidan O'Kelly):

"I was messing around with this kind of stuff a while back. There's a lot of ways you can get past mail filtering systems, because most of them won't emulate the exact behaviour of the e-mail clients, especially if you have multiple clients.

Anyway, one of the most effective methods against Outlook/Outlook Express is to just name the file eviltrojan."e"x"e: Outlook/OE will just take the quotes out of the filename before it's run. I tested this on a couple of mail filtering systems, and it will let the file through. I wrote a perl file to automagically do it:

http://packetstormsecurity.org/0107-exploits/attqt.pl

Of course most filtering systems will scan the file and recognize it as an executable (PE) and disallow it (same goes for vbs/js files etc.; they usually look for very common VB or JS code), but I'm sure they don't recognize all executable content (like .bat files?) (or encoded data as mentioned in the advisory).

One other thing: Outlook/OE will sometimes give an attachment that has no name a name, depending on the content-type, mostly all non-dangerous types, i.e. if you have a wav attachment, but it has no filename (in the MIME headers) but it has a content-type: audio/x-wav, it will name it ATT00xxx.wav. This will work with .hta files if you don't name them and give them content-type=application/hta"

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]

An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

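A filter only catches the two cases described in the quoted mail if it works out the extension the way the client will, not the way the header is literally written. The following is an added sketch, not part of the original post and not IMail code: the blocklist, the content-type map and the sample message are constructed assumptions.

```python
import email
import os

# Assumed policy values, for illustration only.
BLOCKED = {".exe", ".bat", ".vbs", ".js", ".hta"}
# Assumed map of content types a client may turn into a file extension.
TYPE_EXT = {"application/hta": ".hta", "audio/x-wav": ".wav"}

def naive_extension(part):
    """Extension taken literally from the declared filename."""
    name = part.get_filename() or ""
    return os.path.splitext(name)[1].lower()

def client_extension(part):
    """Extension the client would end up with, per the behaviour described."""
    name = part.get_filename()
    if name:
        name = name.replace('"', "")  # client drops quotes from the name
        return os.path.splitext(name)[1].lower()
    # Unnamed attachment: client synthesizes a name from Content-Type.
    return TYPE_EXT.get(part.get_content_type(), "")

def blocked_parts(raw, ext_fn):
    """Return the blocked extensions found in a raw message."""
    msg = email.message_from_string(raw)
    return [ext_fn(p) for p in msg.walk()
            if not p.is_multipart() and ext_fn(p) in BLOCKED]

# Constructed sample: one quoted-name attachment, one unnamed HTA part.
SAMPLE = r'''MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="eviltrojan.\"e\"x\"e"

placeholder
--b1
Content-Type: application/hta

placeholder
--b1--
'''

if __name__ == "__main__":
    print("naive :", blocked_parts(SAMPLE, naive_extension))
    print("client:", blocked_parts(SAMPLE, client_extension))
```

Unnamed parts whose content type is not in the map return an empty extension here; a stricter policy would quarantine them instead of passing them.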