[Mimedefang] Danger of .vcs files?
Jason Gurtz
jason at jasongurtz.com
Thu Sep 30 14:14:44 EDT 2004
On 9/30/2004 13:45, Jim McCullars wrote:
>
> On Thu, 30 Sep 2004, Stephen J Smoogen wrote:
>
>> > about 10 or so that are commonly used to send mail bombs. .vcf isn't one
>> > of them.
>>
>> Which 10?
>
> Well, at the risk of exposing by backside:
Can't remember what the default are but I've added a couple here and
there. Here's what I use (Perl string concatenated for email readability):
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|' .
'dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|' .
'mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|' .
'shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|' .
'wsh|\{[^\}]+\})';
the .lnk are often blocked because users don't know how to properly send
a link via email. IE/Lookout attach .lnk files when people drag-drop
from the address bar. IE has had some issues in the past with things
that get entered via the address bar so I choose to make people display
the whole URL instead of obfuscating it in a lame file.
Cheers,
~Jason
--
More information about the MIMEDefang
mailing list