[Mimedefang] hi, and question about mimedefang-filter (filter_bad_filename)

[Kevin A. McGrail]

Mark,

I can't disagree that the problem will exist in other browsers/email
clients, etc and Netscape 7.1 was based on Mozilla 1.4 so what you are
saying makes sense.  For all intents, I consider Mozilla and Netscape as one
entity though I should be more specific.

However, if your users are windows based, my opinion is that these
attachments should be blocked.  If this is seriously problematic, you could
probably remove it from the bad_extensions list and then add a routine to do
an if re_match for .com that then check if the attachment is an HTML file
attached and not an exe.

This is just theoretical but I think that should be fundamentally simple.
The problem is whether confirming the MIME type is enough.  Anyway, the
default filter calls filter_bad_filename in two places but the following
better-than-pseudo-code might get your started:

if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
        return action_quarantine($entity, "An attachment named $fname was
removed from this document as it\nconstituted a security hazard.  If you
require this document, please contact\nthe sender and arrange an alternate
means of receiving it.\n");
} elsif (re_match($entity, '\.com\.*([^-A-Za-z0-9_.,]|$)' ) and $type ne
"text/html") {
        md_graphdefang_log('bad_filename', $fname, $type);
        return action_quarantine($entity, "An attachment named $fname was
removed from this document as it\nconstituted a security hazard.  If you
require this document, please contact\nthe sender and arrange an alternate
means of receiving it.\n");
}

Regards,

KAM
----- Original Message ----- 
From: "Mark London" <mrl at PSFC.MIT.EDU>

> The problem is also present in the latest version of Mozilla. If you do a
> "Send Page", to mail a web page to someone, you get the URL as the
filename:
>