[Mimedefang] Bad Filenames Question
Graham Dunn
gdunn at inscriber.com
Thu Nov 21 16:30:01 EST 2002
On Thu, Nov 21, 2002 at 03:16:52PM -0500, David F. Skoll wrote:
> On Thu, 21 Nov 2002, Rick Mallett wrote:
>
> > Can anyone tell me why attachments with suggested filenames ending
> > ".url" (eg. events.url) are considered a "security hazard"?
>
> Bad filenames are in the eyes (OS?) of the beholder...
>
> I don't use Windows, so I generated the list based on "street knowledge"
> and contributions from others on this list. Apparently, Microsoft has
> a list of "dangerous" extensions somewhere; not sure where.
http://support.microsoft.com/default.aspx?scid=KB;en-us;q262631
They don't explain why .url is on the list. The outlook email security
update blocks this extension though.
There's sort of an explanitory work around at
http://www.poremsky.com/send_link.htm
Graham
More information about the MIMEDefang
mailing list