Dear BUGTRAQ@SECURITYFOCUS.COM, I've updated "Bypassing content filtering software" whitepaper http://www.security.nnov.ru/advisories/content.asp to include new way to bypass content filtering software. It confirmed to work with NAV and not to work with McAffee and KAV (AVP). Symantec was contected via support@symantec.com and symsecurity@symantec.com and didn't reply. 13.Case sensitivity of Content-Type and Content-Disposition Most MUAs ignore case of Content-Type and Content-Disposition headres while content filtering software may behave in different way. It makes it possible to bypass content-filtering software by using header like CONTENT-type: text/plain; NAme=\"eicar.com\" P.S. thanks to everyone on vuln-dev who participated in testing. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)
