[Mimedefang] WARNING/ALERT .html attachments

Kees Theunissen C.J.Theunissen at differ.nl
Fri Jun 3 01:05:09 EDT 2016


Hi all,

Last night I received a few messages with an html attachment.

Mime headers:

  MIME-Version: 1.0
  Content-Type: text/html; charset="iso-8859-1"
  Content-Transfer-Encoding: quoted-printable
  Content-Disposition: attachment; filename="ICICI Personal Banking.pdf.html"

The attachments don't contain html-, head- or body-tags; only
script- and /script-tags with a lot of javascript in between.

.html and .htm are not listed as "bad extensions" in the
"suggested-minimum-filter-for-windows-clients" script in the MIMEDefang
download. But obviously .html and .htm _ARE_ dangerous.


Regards,

Kees Theunissen.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)40-3334724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address:   C.J.Theunissen at differ.nl
postal address:   PO Box 6336, 5600 HH, Eindhoven, the Netherlands
visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands




More information about the MIMEDefang mailing list