[Mimedefang] That .com extension
Joseph Brennan
brennan at columbia.edu
Tue Jan 3 17:15:29 EST 2006
An attachment with this name was snagged as an executable by the
example filter_bad_filename routine:
WSJ.com - Cutting Hedge_ Law Firm Grows With Funds.pdf
It must be because of the ".com " in the name.
Why do we not just test the value of lc($ext), rather than pass the
entire entity to filter_bad_filename? Is there some form of obfuscation
in which the filename could be WSJ.com followed by random text?
Joe Brennan
More information about the MIMEDefang
mailing list