[Mimedefang] testing file magic?

James Ralston qralston+ml.mimedefang at andrew.cmu.edu
Tue Jul 22 21:40:01 EDT 2003

Has anyone tried using File::MMagic (or similar) to identify hazardous

For example, if someone sent a Windows executable named "evil.txt" as
a text/plain attachment, there'd be no way to catch that in
MIMEDefang.  You'd have to hope that the attacker couldn't find a way
to get the victim (or the victim's computer) to treat it as an

But the file(1) program wouldn't be fooled:

    $ file evil.txt
    MS-DOS executable (EXE), OS/2 or MS Windows

If you could perform the equivalent of running the file(1) program on
the attachment and seeing what the file *really* is, then you could
catch such malicious attachments.

When the filter() function is running, the extracted attachment is
sitting somewhere in the "Work" subdirectory.  But I'm not certain how
to fiddle with the MIME::Entity object to get to it.

Thoughts?  Ideas?


James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA

More information about the MIMEDefang mailing list