[Mimedefang] New virus out, how do I confirm no errors?
David F. Skoll
dfs at roaringpenguin.com
Wed Dec 5 10:45:24 EST 2001
On Wed, 5 Dec 2001, Fox, Randy wrote:
> Here's an entire header......
[deletia]
> ------_=_NextPart_000_01C17CF5.E1418EAA
> Content-Type: application/octet-stream;
> name="gone.txt"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="gone.txt"
Look at the extension... it's ".txt", which your filter will allow
through. Will such an attachment actually execute in Windows? I
believe most Windows mail clients ignore the Content-Type: header and
only go by the extension. However, a more careful filter would check
the content type as well:
# ...
if ($type eq "application/octet-stream") {
# Discard or warn or whatever...
}
# ...
There are a lot of possible content types, though, so this can get hairy.
A very paranoid site would allow only text/html or text/plain (and even
text/html is iffy...)
Regards,
David.
More information about the MIMEDefang
mailing list