[Mimedefang] Re: Unsafe file types
Jonas Eckerman
jonas_lists at frukt.org
Sat Dec 6 10:32:38 EST 2003
On Mon, 1 Dec 2003 16:47:19 -0500, Lee Dilkie wrote:
> Blindly blocking attachments based on file extensions is going too far IMHO.
This is a quite understandable position. It would still make sense to block some tricky extension stuff though. Like:
"yadayada.txt .exe"
"yodeldodel.zip.scr"
etc
IOW, the typical extension trickery used by some worms and trojans in order to trick the user into opening executables.
Maybe also check for mismatches between file content and extension or between mime-type and extension, triggering only on mismatches that could be exploits. I think I've spotted some such tricks before, but cant't remember now. Should research this a bit before deciding it's a good idea I guess.
Regards
/Jonas (who might weel do something like that in the near future.)
--
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
More information about the MIMEDefang
mailing list