[Mimedefang] Unsafe file types
Kenneth Porter
shiva at sewingwitch.com
Sun Nov 30 20:05:26 EST 2003
--On Sunday, November 30, 2003 10:34 AM -0500 "David F. Skoll"
<dfs at roaringpenguin.com> wrote:
> Renaming prog.exe to prog.exe.txt makes it "safe" in that clicking on
> it won't cause Windoze to execute it.
Isn't there some situation where Windoze runs a program in spite of its
name, looking at the magic inside?
> To be super-safe, you should look at the file name, and also the
> file contents -- if the first few bytes of the file match a Windoze
> executable signature, you should probably prevent delivery.
How about using the "file" package (which uses signatures in
/usr/share/magic) to identify MS binaries? Does a Perl module exist that
leverages this? If so, you could auto-detect it and use it if present.
More information about the MIMEDefang
mailing list