[Mimedefang] Tighter filename matching
Tony Nugent
tony at linuxworks.com.au
Fri May 31 19:45:23 EDT 2002
On Fri May 31 2002 at 09:08, "David F. Skoll" wrote:
> On Fri, 31 May 2002, Marc SCHAEFER wrote:
>
> > Why match by file name, where using UNIX file on it may discover
> > executables and BAT files in any current and future exploitable extension ?
>
> That's another option, but it's slower (you have to fork and exec
> file)
perl itself has a File-MMagic module (an rpm for it comes with
redhat distros). I've never used it myself, but wouldn't this be
the way to go if you were to examine a file in this way?
> and not reliable---I can write a .bat file which "file" says
> is "ASCII text":
>
> rem How are you today? I'm fine
> deltree /y c:\
indeed :)
> David.
Cheers
Tony
More information about the MIMEDefang
mailing list