[Mimedefang] Unsafe file types

Kenneth Porter shiva at sewingwitch.com
Sun Nov 30 20:05:26 EST 2003

--On Sunday, November 30, 2003 10:34 AM -0500 "David F. Skoll" 
<dfs at roaringpenguin.com> wrote:

> Renaming prog.exe to prog.exe.txt makes it "safe" in that clicking on
> it won't cause Windoze to execute it.

Isn't there some situation where Windoze runs a program in spite of its 
name, looking at the magic inside?

> To be super-safe, you should look at the file name, and also the
> file contents -- if the first few bytes of the file match a Windoze
> executable signature, you should probably prevent delivery.

How about using the "file" package (which uses signatures in 
/usr/share/magic) to identify MS binaries? Does a Perl module exist that 
leverages this? If so, you could auto-detect it and use it if present.

More information about the MIMEDefang mailing list