Fwd: [Mimedefang] Determine mime type
Mitch DSouza
mitch at 0bits.com
Fri Sep 12 19:00:00 EDT 2003
My suggestion would be to install
http://search.cpan.org/author/KNOK/File-MMagic-1.20/MMagic.pm
And in filter() routine of mimedefang-filter do something
like (written off the top of my head, so check for correctness
before employing)
use File::MMagic;
...
if (re_match($entity, '\.doc)) {
if (defined $entity->bodyhandle) {
$mm = File::MMagic::new->('/usr/share/magic');
if (defined $part->bodyhandle->path) {
$res = $mm->checktype_filename($part->bodyhandle->path);
if ($res =~ /Microsoft/) {
return action_bounce("Microsoft plagues not accepted here !");
}
}
}
}
Mitch
-------- Original Message --------
Subject: [Mimedefang] Determine mime type
Date: Fri, 12 Sep 2003 15:20:53 -0600 (MDT)
From: Lucas Albers <admin at cs.montana.edu>
Reply-To: mimedefang at lists.roaringpenguin.com
To: mimedefang at lists.roaringpenguin.com
References: <3F6217C4.9050402 at fysik.dtu.dk> <Pine.LNX.4.44.0309121547100.4179-100000 at romulus.csd.selu.edu>
Questions.
How can you determine the mime type of a file in mimedefang?
rtm? obvious?
Suppose you wanted to block all .doc files that were actually word perfect
files based on file results on the file.
As you are aware their is a MS word exploit.
The Microsoft Word "WordPerfect" document converter included in Microsoft
Word has a buffer overflow bug. If the WordPerfect document converter is
installed (by default it is in Office 2000) and a malicious .doc file is
opened, there exists the ability for an attacker to execute arbitrary
code.
I was trying to figure out how to block this.
A more generalized block would be thus:
If a doc file is not an office document file, then block it?
--Luke
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list