[Mimedefang] hi, and question about mimedefang-filter (filter_bad_filename)

Mark London mrl at PSFC.MIT.EDU
Tue Jul 29 14:16:02 EDT 2003


Hi - I installed mimedefang according to the online web pages, and installed
mimedefang-filter with the filter_bad_filename subroutine that looks like:

    # Bad extensions
    $bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|f\
xp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif\
|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\
\{)';
    # Do not allow:
    # - curlies
    # - bad extensions (possibly with trailing dots) at end or
    #   followed by non-alphanum
    $re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';

This seemed to work fine, until I sent a web page from Netscape 7, and the
receiver of the mail was told it had a bad attachment, the problem being that
the attachment name was:

www.petfinder.com/pet.cgi?action=2&pet=1920982&adTarget=468
petsgeneral&SessionID=3f26987d1a90052c-app2&display=&preview=1&row=0

The code finds the ".com", and so tags it as being a bad extension.
In order to avoid this problem, I added the / character in the excluded
character list:

    $re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,/]|$)';

But I'm curious A) why no one else has reported this problem, and B) will my
fix allow any bad attachments to get through?  Thanks. -   Mark



More information about the MIMEDefang mailing list