[Mimedefang] WARNING/ALERT .html attachments
Kees Theunissen
C.J.Theunissen at differ.nl
Fri Jun 3 01:05:09 EDT 2016
Hi all,
Last night I received a few messages with an html attachment.
Mime headers:
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="ICICI Personal Banking.pdf.html"
The attachments don't contain html-, head- or body-tags; only
script- and /script-tags with a lot of javascript in between.
.html and .htm are not listed as "bad extensions" in the
"suggested-minimum-filter-for-windows-clients" script in the MIMEDefang
download. But obviously .html and .htm _ARE_ dangerous.
Regards,
Kees Theunissen.
--
Kees Theunissen, System and network manager, Tel: +31 (0)40-3334724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address: C.J.Theunissen at differ.nl
postal address: PO Box 6336, 5600 HH, Eindhoven, the Netherlands
visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands
More information about the MIMEDefang
mailing list