[EMAIL PROTECTED] wrote:
I don't have any real expectation that Clam would be able to recognize this in its JS-hta-wrapped form, now that I understand it -- but I am interested in the idea that anyone can repackage an existing Trojan in this way and slip by most scanners.
-royce
I have to disagree with "most" here - MimeDefang's default filter includes hta in its list of bad extensions.
I should have been more explicit -- s/scanners/virus scanners/g. David's comment about the uber-polymorphs certainly applies, though. :)
-royce _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
