[Mimedefang] Tighter filename matching
Karel.DeBruyne at ua.ac.be
Karel.DeBruyne at ua.ac.be
Mon Jun 3 02:35:27 EDT 2002
On Fri, 31 May 2002, David F. Skoll wrote:
> On Fri, 31 May 2002, Marc SCHAEFER wrote:
>
> > Why match by file name, where using UNIX file on it may discover
> > executables and BAT files in any current and future exploitable extension ?
>
> That's another option, but it's slower (you have to fork and exec
> file) and not reliable---I can write a .bat file which "file" says
> is "ASCII text":
>
> rem How are you today? I'm fine
> deltree /y c:\
To save some cpu cycles (no fork), you might use File::MMagic
Karel
=======================================================================
Karel De Bruyne
System/Network Manager phone + 32 3 820 22 04
UIA - Network Service fax + 32 71 83 43 00
Universiteitsplein 1 - B0.12 email dbruyne at uia.ua.ac.be
B 2610 Wilrijk - Belgium http://www.uia.ua.ac.be/u/dbruyne
=======================================================================
More information about the MIMEDefang
mailing list