[Mimedefang] Unsafe file types
David F. Skoll
dfs at roaringpenguin.com
Sun Nov 30 11:30:49 EST 2003
On Sun, 30 Nov 2003, Jon R. Kibler wrote:
> > To be super-safe, you should look at the file name, and also the
> > file contents -- if the first few bytes of the file match a Windoze
> > executable signature, you should probably prevent delivery.
> This is the best idea I have heard yet... suggestions on how to implement it?
Sure. Here it is, untested, with no error checking; you really should
check that bodyhandle and path are defined() before using them:
sub filter ($$$$) {
my($entity, $fname, $ext, $type) = @_;
my $path = $entity->bodyhandle->path;
if (open(IN, "<$path")) {
read(IN, $first_two_chars, 2);
close(IN);
if ($first_two_chars eq "MZ") {
return action_bounce("$fname smells like a Windoze EXE...");
}
}
}
Of course, this will reject mail that has a part beginning with "MZ",
but the false-positive rate should be rather low. :-)
Regards,
David.
More information about the MIMEDefang
mailing list