[Mimedefang] Why does MIMEDefang strip .VCFs
Kelson
kelson at speed.net
Fri Feb 10 12:24:42 EST 2006
Cormack, Ken wrote:
> I have a user complaining about the fact that MIMEDefang strips .vcf's from
> emails, and I'm not sure what answer to give. Are .vcf's a vector for some
> kind of attack? Or is there a knowledgebase article somewhere that
> describes problems with allowing .vcfs in emails?

Also, look out for .vcfs with the person's email address in the
filename. If you have "Bob.Smith at example.com.vcf" it'll trigger even
the default filters.

Whenever an attachment triggers filter_bad_filename I follow it up with
a check against File::MMagic. I recheck the extension and compare it
against those results so files like "Example.com Proposal.doc" can get
through. In this case, if the filename ends in .vcf I look for a
magically-determined MIME type of text/plain or text/x-vcard.

Filtering dangerous file types would be a lot easier if .com hadn't been
both a DOS executable extension and a top-level domain name. Or if
Windows had dropped support for .com files. Or if domain names and
filenames used a different delimiter. Or if all the major operating
systems used something sensible like MIME types or old-school Macintosh
creator/document types -- something in the metadata -- instead of file
extensions.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
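
The recheck described in the post above, as an added example (not Kelson's code and not part of MIMEDefang): a file the filename filter has flagged passes only if its final extension is listed and File::MMagic's content-based type is one expected for that extension. The helper name flagged_file_is_benign, the %EXPECTED table, its doc row and the sample attachments are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::MMagic;               # CPAN module named in the post
use File::Temp qw(tempfile);

# Final extension => MIME types content sniffing may report for it.
# The vcf row is from the post; the doc row is an assumption.
my %EXPECTED = (
    vcf => [ 'text/plain', 'text/x-vcard' ],
    doc => [ 'application/msword' ],
);
my $mm = File::MMagic->new;

# Hypothetical helper: 1 if a flagged attachment may pass, 0 if it stays blocked.
sub flagged_file_is_benign {
    my ($filename, $path) = @_;
    my ($ext) = $filename =~ /\.([A-Za-z0-9]+)$/ or return 0;
    my $allowed = $EXPECTED{ lc $ext } or return 0;   # not listed: stay blocked
    my $sniffed = $mm->checktype_filename($path);
    return 0 unless defined $sniffed;
    return (grep { $_ eq $sniffed } @$allowed) ? 1 : 0;
}

# In mimedefang-filter this would run only after the filename check fires:
#   if (filter_bad_filename($entity)) {
#       my $body = $entity->bodyhandle;
#       unless ($body && defined $body->path
#               && flagged_file_is_benign($fname, $body->path)) {
#           ... reject as before ...
#       }
#   }

# Constructed samples: attachment name plus the bytes it carries.
my $vcard = "BEGIN:VCARD\r\nVERSION:3.0\r\nN:Smith;Bob\r\nFN:Bob Smith\r\nEND:VCARD\r\n";
my $mz    = "MZ" . ("\x90\x00\x03\x00" x 64);   # binary filler after a DOS "MZ" signature
for my $case ( [ 'Bob.Smith@example.com.vcf', $vcard ],
               [ 'Bob.Smith@example.com.vcf', $mz    ],
               [ 'Bob.Smith@example.com',     $vcard ] ) {
    my ($name, $bytes) = @$case;
    my ($fh, $path) = tempfile(UNLINK => 1);
    binmode $fh;
    print {$fh} $bytes;
    close $fh;
    printf "%-28s %-26s %s\n", $name, $mm->checktype_filename($path),
        flagged_file_is_benign($name, $path) ? 'pass' : 'still blocked';
}
```

The table is an allow-list on purpose: an extension with no row, or content whose sniffed type is not listed for its extension, leaves the original filename verdict in place.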