[Mimedefang] hi, and question about mimedefang-filter (filter_bad_filename)
Mark London
mrl at PSFC.MIT.EDU
Tue Jul 29 14:16:02 EDT 2003
Hi - I installed mimedefang according to the online web pages, and installed
mimedefang-filter with the filter_bad_filename subroutine that looks like:
# Bad extensions
$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|f\
xp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif\
|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\
\{)';
# Do not allow:
# - curlies
# - bad extensions (possibly with trailing dots) at end or
# followed by non-alphanum
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
This seemed to work fine, until I sent a web page from Netscape 7, and the
receiver of the mail was told it had a bad attachment, the problem being that
the attachment name was:
www.petfinder.com/pet.cgi?action=2&pet=1920982&adTarget=468
petsgeneral&SessionID=3f26987d1a90052c-app2&display=&preview=1&row=0
The code finds the ".com", and so tags it as being a bad extension.
In order to avoid this problem, I added the / character in the excluded
character list:
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,/]|$)';
But I'm curious A) why no one else has reported this problem, and B) will my
fix allow any bad attachments to get through? Thanks. - Mark
More information about the MIMEDefang
mailing list