[Mimedefang] Bad Filenames Question

Richard Cooper ric at digital-animations.com
Fri Nov 22 05:30:01 EST 2002


> > Can anyone tell me why attachments with suggested filenames ending
> > ".url" (eg. events.url) are considered a "security hazard"? I just
> 
>    My guess is, to prevent someone from emailing the URL of a 
> site that
> has malicious JavaScript code or something else that takes 
> advantage of
> some hole in MSIE.
> 
>    But remember, the sample filter is just that - a sample.  It's a
> starting point for you to define your own filter rules.  
> FWIW, I cut way
> down on the number of bad extensions I look for in my filter.  My
> definition looks like this:
> 
> 	$bad_exts = '(bat|cmd|com|exe|lnk|pif|reg|scr|shs|vb|vbe|vbs)';
> 
> and it has worked well for us.

If you 'send a link by email' from IE it attaches it as a .url. The risk, like a lot of the default extensions, is in someone clicking on it without thought since the page at the end of a URL can contain anything. Its not dissimilar to the problems with an .exe considering the number and quality of the holes in IE and Outlook/Express - its not going to run automatically but is generally sent and clicked on without thought.
Its really just as easy for someone to paste the URL into their email as text, but like others, I had to remove it from my definitions due to too many complaints. 
On a similar note, is there any method for automatically zipping attachments as they pass through? This could solve a lot of complaints, although I guess it would be a resource hog.

Cheers
Ric

-- 
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Digital Animations Group.



More information about the MIMEDefang mailing list