[Mimedefang] Thoughts on list of "bad" extensions
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Aug 15 01:47:38 EDT 2003
On Thu, 14 Aug 2003, Kelson Vibber wrote:
> I'm beginning to wonder if it's worth including media and other data files
> in the list of bad extensions. Is it worth defanging every video clip or
> player skin sent because someday someone *might* send one with an exploit
> before the virus scanners pick up on it? Or would it be better to separate
> out the high-risk file types (i.e. executables) from the medium-risk ones?
I do not see any difference between .ASF and .EXE in the Windows world.
The Win shell invokes the .ASF files by executing the media player, just
like executing .EXE files. If any of them is infected, it's done.
You can easy tweak the filter to not filter messages (or skip the
bad_filename part) for local mail or something appropriate. You could even
implement a auto-ZIP feature for outgoing mail ;-)
Bye,
--
Steffen Kaiser
More information about the MIMEDefang
mailing list