[Mimedefang] filtering bad filename vs. file scanning
James Ralston
qralston+ml.mimedefang at andrew.cmu.edu
Mon Sep 29 21:11:01 EDT 2003
On 2003-09-26 at 11:11:34+0800 cc <cc at belfordhk.com> wrote:
> Since I started using MIMEDefang, any EXE files are removed from the
> email. Currently, this is a good thing (with SWEN swarming around
> the 'Net), but is it a good thing in the long run?
My $0.02: absolutely.

In fact, we've been testing code to prohibit MS-DOS executables
entirely, regardless of extension or whether the executable contains
viral content. This is how we do it:
#
# Reject MS-DOS executables (regardless of extension) by identifying
# their magic.
#
if (defined $entity->bodyhandle) {
    my $path = $entity->bodyhandle->path;
    if ($path) {
        # Three-argument open so the path is never parsed as a mode.
        if (open my $fh, '<', $path) {
            binmode $fh;    # compare raw bytes, no layer translation
            my $file_data;
            my $read_chars = read $fh, $file_data, 1024;
            close $fh;
            # The magic is two bytes; read returns undef on error.
            if (defined $read_chars && $read_chars >= 2) {
                if (substr($file_data, 0, 2) eq 'MZ') {
                    action_bounce('MS-DOS executables are not accepted here', '550', '5.7.0');
                    return;
                }
            }
        }
    }
}
(Deciding to infer file contents from the filename extension is one of
the dumbest decisions Microsoft ever made.)

If people validly need to send or receive MS-DOS executables, they can
ZIP them first.
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
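
An added example, not part of the original post or of MIMEDefang: a stand-alone Perl script that runs the same magic-number idea over a few constructed buffers, showing which inputs a two-byte 'MZ' test matches and how the PE signature at offset 0x3C tells a Windows image from any other file that merely begins with 'MZ'. The function name classify_magic and all sample data are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: classify the leading bytes of an attachment.
# Returns 'pe'  (MZ header followed by a PE signature),
#         'mz'  (starts with "MZ" but no PE signature in the buffer:
#                a plain DOS program, or any file that begins "MZ"),
#         'zip' (ZIP local file header), or 'other'.
sub classify_magic {
    my ($data) = @_;
    return 'other' if !defined $data || length($data) < 2;
    return 'zip'
        if length($data) >= 4 && substr($data, 0, 4) eq "PK\x03\x04";
    return 'other' if substr($data, 0, 2) ne 'MZ';

    # e_lfanew: 32-bit little-endian offset of the PE header, stored at
    # 0x3C. If it points past the bytes we were given (for example past
    # a 1024-byte read), we can only report 'mz'.
    if (length($data) >= 0x40) {
        my $pe_off = unpack 'V', substr($data, 0x3C, 4);
        return 'pe'
            if $pe_off + 4 <= length($data)
            && substr($data, $pe_off, 4) eq "PE\0\0";
    }
    return 'mz';
}

# Constructed sample buffers (not real files).
my $pe = 'MZ' . ("\0" x 0x3A) . pack('V', 0x80) . ("\0" x 0x40) . "PE\0\0";
my %samples = (
    'pe image'       => $pe,
    'bare MZ header' => 'MZ' . ("\0" x 62),
    'text file'      => "MZ meeting notes\n",
    'zip archive'    => "PK\x03\x04" . ("\0" x 26),
    'one byte'       => 'M',
);

for my $name (sort keys %samples) {
    printf "%-15s %s\n", $name, classify_magic($samples{$name});
}
```

Both 'pe' and 'mz' correspond to what the two-byte test in the post bounces; the text-file sample shows that this includes any attachment whose first two bytes happen to be 'MZ'.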