[Mimedefang] non-virus executables
Les Mikesell
les at futuresource.com
Wed Oct 9 15:38:00 EDT 2002
> From: David F. Skoll
> > Could we change the MIME type to application-octet-stream
> > on questionable parts - or at least something mailers won't ever
> > launch?
>
> Many (most? all?) Windoze MUA's ignore the MIME type. They go by the
> filename (.exe --> executable and to h*ll with the MIME type), or even
> (!) by the file contents (MZ --> x86 executable signature and to h*ll
> with the MIME type).
Really? I thought the worst of the virus problems came from
Windows programs using the MIME type to decide whether or
not to execute, but then after that decision feeding it to
the handler registered for the type specified by the filename
extension. (That's what makes the ones labeled as audio run
even when you don't open them). I think all of my Windows
boxes have this bug patched now. Do you know if any MUA will
open/execute something labeled as application-octet-stream?
I'm pretty sure that it always forced IE to open a 'save-to-file'
dialog regardless of the content-disposition name, and I thought
the same routines were used by Outlook.
> I even attempted to register a MIME type with the IANA. The type was
> "vnd-roaringpenguin/defanged" and I specified that MUAs MUST NOT do
> anything with this MIME type except offer to save it to a file. My
> application was rejected precisely because MUA's often ignore the MIME
> type, so the safety is illusory.
I thought that was the point of the application-octet-stream type:
something that no program is supposed to understand and the only way to handle
it is save-to-file.
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list