[Mimedefang] Danger of .vcs files?
Jim McCullars
jim at info.uah.edu
Thu Sep 30 11:46:57 EDT 2004
On Thu, 30 Sep 2004, Jim Hatfield wrote:
> I see that .vcs is listed in filter_bad_filename.
I think David got those extensions from a list that Microsoft published
at one time. At my site, I pared the list down considerably, to a list of
about 10 or so that are commonly used to send mail bombs. .vcf isn't one
of them.
> If anyone can tell me what the danger of these files is,
> I'd appreciate it, then I can decide whether to risk
> letting them in.
The problem is, some file types will execute, rather than launch the
application that they are associated with. I just did an experiment by
making a copy of Notepad.exe, renaming it to jim.vcf, and launching it.
Had this actually launched Notepad, I would say that it would be too risky
to let the file type pass. However, it did indeed launch the Windows
Address Book (although all the fields were empty). Now while it may be
possible to craft a .vcf file that would corrupt WAB and make it do
something unintended, it appears that someone cannot just rename a
malicious executable to something.vcf and have it run.
My $0.02 says to let them in. HTH...
Jim McCullars
University of Alabama in Huntsville
More information about the MIMEDefang
mailing list