"Dr. Michael Weller" wrote:
> That said, after the TCP_DENIED you found, are there any
> success messages? Maybe the virus tries downloads with other names
> after the failure which are not catched by the regex. I'd assume one can
> replace the eml by %hexcode%hexcode%hexcode, for example.. or something.
Squids url_regex and urlpath_regex matches are done on decoded URL
format to make sure they cannot be bypassed by such simple request
encoding.
-- Henrik Nordstrom Squid HackerReceived on Thu Sep 20 2001 - 14:09:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:19 MST