[Mimedefang] Thoughts on list of "bad" extensions

Kelson Vibber kelson at speed.net
Fri Aug 15 12:12:01 EDT 2003


At 10:44 PM 8/14/2003, Steffen Kaiser wrote:
>I do not see any difference between .ASF and .EXE in the Windows world.
>The Win shell invokes the .ASF files by executing the media player, just
>like executing .EXE files. If any of them is infected, it's done.

There is a difference.  An EXE file can do anything it wants, so it's 
always dangerous.  A data file is limited by the application that handles 
it, unless that application contains a security vulnerability.  In the case 
of an ASF file, if the media player is up to date with patches, it doesn't 
matter if it's infected.  Obviously we can't assume everyone's patches are 
current, given the large number of people who keep getting hit with things 
like Blaster, but I do think it is a significant difference.

A few years ago, there was a buffer overflow in Netscape's JPEG 
handler.  Should we block JPEGs?  Last year there was the zlib 
vulnerability.  Should we block PNG and TAR.GZ?  Word and Excel files can 
contain macro viruses.  Should we block those?  The Mimail virus uses a ZIP 
file.  Maybe we shouldn't trust ZIP files anymore.

Yes, the line has to be drawn somewhere.  I'm just beginning to think it 
might be worth moving.


Kelson Vibber
SpeedGate Communications <www.speed.net> 




More information about the MIMEDefang mailing list