[Mimedefang] Thoughts on list of "bad" extensions

Matt Bruce mbruce at insl.co.uk
Mon Aug 18 07:53:00 EDT 2003


Kelson Vibber wrote:

> There is a difference.  An EXE file can do anything it wants, so it's
> always dangerous.  A data file is limited by the application that handles
> it, unless that application contains a security vulnerability.

One point worth remembering here is that some media files can have a "start
browser" command embedded in them. I've seen this with some ASF files
travelling across networks I manage - just before the end of the video the
machine's browser is opened and directed to a website, which can of course
contain malicious code. Though usually it's just a website to advertise more
videos of people bumping uglies.

Again it's relying upon a vulnerability, but it makes it even more important
that you justify allowing these types of media across your network -
especially via *email* (ok, I'm a purist).

If it's possible to spawn a browser process, anyone know if it's possible to
spawn any programme of choice (Word, etc)?

Cya,
Matt



