[Mimedefang] Unsafe file types
David F. Skoll (dfs at roaringpenguin.com)
Sun Nov 30 11:30:49 EST 2003

On Sun, 30 Nov 2003, Jon R. Kibler wrote:
> > To be super-safe, you should look at the file name, and also the
> > file contents -- if the first few bytes of the file match a Windoze
> > executable signature, you should probably prevent delivery.
> This is the best idea I have heard yet... suggestions on how to implement it?
Sure.  Here it is, untested, with no error checking; you really should
check that bodyhandle and path are defined() before using them:
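
sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;
    my $path = $entity->bodyhandle->path;
    my $first_two_chars = '';
    # Read the first two bytes of the decoded part from disk.
    if (open(my $in, '<', $path)) {
        binmode($in);
        read($in, $first_two_chars, 2);
        close($in);
        # "MZ" is the DOS/Windows executable signature.
        if ($first_two_chars eq "MZ") {
            return action_bounce("$fname smells like a Windoze EXE...");
        }
    }
}
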
Of course, this will reject mail that has a part beginning with "MZ",
but the false-positive rate should be rather low. :-)
Regards,
David.
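
An added example, not part of the original post and not MIMEDefang project code: the same check with the defined() tests the post asks for, extended beyond the two-byte test to follow the DOS header's e_lfanew offset to the "PE\0\0" signature, so text that merely begins with "MZ" is not bounced. looks_like_pe and the sample inputs are hypothetical names and constructed data.

```perl
use strict;
use warnings;

# True only if $path starts with a DOS "MZ" header whose e_lfanew field
# (32-bit little-endian at offset 0x3C) points at a "PE\0\0" signature.
sub looks_like_pe {
    my ($path) = @_;
    return 0 unless defined $path;
    open(my $in, '<', $path) or return 0;
    binmode($in);
    my ($dos, $sig, $found) = ('', '', 0);
    if ((read($in, $dos, 64) || 0) == 64 && substr($dos, 0, 2) eq 'MZ') {
        my $pe_offset = unpack('V', substr($dos, 0x3C, 4));
        $found = 1 if seek($in, $pe_offset, 0)
            && (read($in, $sig, 4) || 0) == 4
            && $sig eq "PE\0\0";
    }
    close($in);
    return $found;
}

# MIMEDefang per-part callback, with the defined() checks the post asks for.
sub filter ($$$$) {
    my ($entity, $fname, $ext, $type) = @_;
    my $body = $entity->bodyhandle;
    my $path = defined($body) ? $body->path : undef;
    if (looks_like_pe($path)) {
        return action_bounce("$fname has a Windows PE executable header");
    }
    return action_accept();
}

# Stand-alone check on constructed samples; skipped when MIMEDefang is loaded.
unless (defined &action_bounce) {
    require File::Temp;
    my %samples = (   # constructed inputs, not real attachments
        'minimal PE header' => 'MZ' . ("\0" x 58) . pack('V', 64) . "PE\0\0",
        'text starting MZ'  => "MZ is only how this memo begins.\n" x 4,
    );
    for my $name (sort keys %samples) {
        my $tmp = File::Temp->new;
        binmode($tmp);
        print {$tmp} $samples{$name};
        close($tmp);
        printf "%-18s => %d\n", $name, looks_like_pe($tmp->filename);
    }
}
```

Requiring the PE signature lets legacy DOS-only MZ programs through, so keep the file name check mentioned in the quoted text alongside it.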