[Mimedefang] DZIP Extension
Dianne Skoll
dfs at roaringpenguin.com
Mon Dec 12 15:24:55 EST 2016
On Mon, 12 Dec 2016 12:38:06 -0500
"Kevin A. McGrail" <KMcGrail at pccc.com> wrote:
> Seeing some fake invoice/in the wild garbage with .dzip extension
> getting through today.
> If you are doing some extension blocking, etc. might want to take a
> look.
Yes, we're seeing those too... they're doing something a bit shady
with the MIME headers:
--------84EAFC6DBD7EE2A3AD2D7D6BED
Content-Type: application/zip; name="Ord04690075.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Ord04690075.dzip"
Luckily, our code looks for all possible filenames, so it finds the .zip
and the .dzip version, does the zip processing and rejects because of the
embedded .js
Huh!
Regards,
Dianne.
More information about the MIMEDefang
mailing list