[Mimedefang] [OT] Virus without attachments
D Yeager
dyeager at teleport.com
Fri Dec 14 11:04:33 EST 2001
> This is kind of off topic. Has anyone seen a virus without an
> attachment with extensions?
> To reduce the CPU load, I am running the scanner (uvscan) only on MIME
> parts that have an extension. Is it enough?
Microsoft Outlook can use attachemnts with NO extensions or filename and a
virus can sneek in from them. It's used in Outlook when a user uses RTF
format to send mail. I silently drop ALL Content-Type: application/ms-tnef
attachments to avoid this hole. These come in without a filename at all so
can't be screened for via extension or filename. On occasion, these come in
with a filename of winmail.dat - I silently drop that as well.
If you're only scanning on extensions, you might have a vulnerability.
For more information, see the following: (or search Google for
application/ms-tnef - that's how I found out about this)
http://www.columbia.edu/acis/email/topics/antivirus.html
http://help.netscape.com/kb/consumer/19981102-1.html
Microsoft Knowledge base articles Q287720 and Q290809
More information about the MIMEDefang
mailing list