[Mimedefang] exe gets past Mimedefang

Joseph Brennan brennan at columbia.edu
Tue Sep 30 10:10:03 EDT 2003


>> Content-Type: audio/x-midi;
>> 	name=;key=placement_2;sz=140x60;ptile=2;ord=1042208295266[1].exe
>
> Any MUA that interprets that as an .exe attachment is broken; see the
> MIME RFC.  I've written a few times before that while I will try my
> best to make sense of broken MIME, there are limits.  It's up to you
> to ensure your MUAs are at least semi-sensible.

Imagine a university so decentralized that it's impossible to
require people to use or not use any particular MUA.  (I don't
have to imagine it.)  So if any *are* this broken, they get
the virus and start infecting the world.  I'd rather stop them.

Maybe there are none so stupid, and the mail is just annoying.
It's not hard to stop anyway.  I put this next to 'Check for
bad extensions'.

    if ($fname =~ /UNKNOWN_PARAMETER_VALUE/) {
        return action_bounce("Bad attachment");
    }




> (Didn't the file-content "MZ" trick work for you?)

Whatever that one is slipped past me, David!


Joe
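
The header quoted at the top of this message can also be checked on its own terms. The following is an added example, not part of the original post and not MIMEDefang code: it splits a Content-Type value into parameters and reports an empty name parameter or an executable extension attached to any parameter. The function names, the extension list and the second sample header are assumptions made for illustration.

```perl
use strict;
use warnings;

# Extensions treated as executable (illustrative list, an assumption).
my $BAD_EXT = qr/\.(?:exe|com|scr|pif|bat|cmd|vbs)$/i;

# Split a Content-Type value into [attribute, value] pairs.
# A quoted string is matched as one unit because it may contain ';'.
sub split_params {
    my ($value) = @_;
    $value =~ s/\r?\n[ \t]+/ /g;    # unfold continuation lines
    my @parts = $value =~ /((?:"(?:\\.|[^"\\])*"|[^;"])+)/g;
    shift @parts;                   # drop the media type itself
    my @params;
    for my $p (@parts) {
        $p =~ s/^\s+|\s+$//g;
        next if $p eq '';
        my ($attr, $val) = split /=/, $p, 2;
        $val = '' unless defined $val;
        $val =~ s/^"(.*)"$/$1/s;    # strip surrounding quotes
        push @params, [ lc $attr, $val ];
    }
    return @params;
}

# Return the reasons a header looks hostile (empty list means none found).
sub check_content_type {
    my ($value) = @_;
    my @reasons;
    for my $p (split_params($value)) {
        my ($attr, $val) = @$p;
        push @reasons, "empty '$attr' parameter"
            if $attr eq 'name' && $val eq '';
        push @reasons, "executable extension on '$attr' parameter"
            if $val =~ $BAD_EXT;
    }
    return @reasons;
}

# Constructed sample input: the header quoted in the post, then a benign one.
my @samples = (
    "audio/x-midi;\n\tname=;key=placement_2;sz=140x60;ptile=2;ord=1042208295266[1].exe",
    'application/pdf; name="report;final.pdf"',
);
for my $s (@samples) {
    my @r = check_content_type($s);
    (my $shown = $s) =~ s/\s+/ /g;
    print "$shown\n  => ", (@r ? join('; ', @r) : 'ok'), "\n";
}
```

A non-empty result from check_content_type could be handed to the same action_bounce call used in the filter snippet above.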



