[Mimedefang] hi, and question about mimedefang-filter (filter_bad_filename)

Mitch at 0Bits.COM Mitch at 0Bits.COM
Tue Jul 29 16:57:05 EDT 2003

I've never seen an attachment name like that. I would actually
consider that a bad filename. That is a URL more than a filename.
Remember / is a metacharacter to delimit directories - well in
a UNIX filesystem anyhow, so should definetly NOT be used in a
filename for attachments.

I don't believe your change will let bad filename extensions to
get thru, but taking into consideration my previous comment, i
don't believe you really want to do what you did.

Just my opinion.
-------- Original Message --------
Subject: [Mimedefang] hi, and question about mimedefang-filter (filter_bad_filename)
Date: Tue, 29 Jul 2003 14:05:34 -0400
From: Mark London <mrl at PSFC.MIT.EDU>
Reply-To: mimedefang at lists.roaringpenguin.com
To: MIMEDEFANG at lists.roaringpenguin.com

Hi - I installed mimedefang according to the online web pages, and installed
mimedefang-filter with the filter_bad_filename subroutine that looks like:

    # Bad extensions
    $bad_exts =
    # Do not allow:
    # - curlies
    # - bad extensions (possibly with trailing dots) at end or
    #   followed by non-alphanum
    $re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';

This seemed to work fine, until I sent a web page from Netscape 7, and the
receiver of the mail was told it had a bad attachment, the problem being
that the attachment name was:


The code finds the ".com", and so tags it as being a bad extension.
In order to avoid this problem, I added the / character in the excluded
character list:

    $re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,/]|$)';

But I'm curious A) why no one else has reported this problem, and B) will
my fix allow any bad attachments to get through?  Thanks. -   Mark

More information about the MIMEDefang mailing list