[Mimedefang] non-virus executables
Chris Pascoe
c.pascoe at itee.uq.edu.au
Thu Oct 10 23:00:01 EDT 2002
> > Many (most? all?) Windoze MUA's ignore the MIME type. They go by the
> > filename (.exe --> executable and to h*ll with the MIME type), or even
> > (!) by the file contents (MZ --> x86 executable signature and to h*ll
> > with the MIME type).
>
> Really? I thought the worst of the virus problems came from
> Windows programs using the MIME type to decide whether or
> not to execute, but then after that decision feeding it to
> the handler registered for the type specified by the filename
> extension. (That's what makes the ones labeled as audio run
> even when you don't open them).
That was my interpretation of the problem as well, and I have done this
transparent mangling of application type since mimedefang-1.1 days.
I've attached the patch that I use to do this. To do the transparent change
I call action_defang from filter(..) as below (note the extra argument to
action_defang) on qute:
my($head) = $entity->head;
my($oldname) = $head->mime_attr("Content-Type.name");
return action_defang($entity, $oldname, $fname, "application/octet-stream",
0);
Who knows if it has had any positive effect - but at the same time we
haven't had anything negative reported.
Regards,
Chris
More information about the MIMEDefang
mailing list