> > I would check MIME type, file extension, and most importantly the > > magic, to make sure that they all match. Any failure to match > > would be suspect, regardless of what the A/V program says. I > > think you misunderstood my earlier point.
> In truth I must have done, I *still* wouldn't like to trust that those > things weren't being hijacked though, even the magic. Exactly. So if an attachment has MIME type T then it should have one of the known extensions for MIME type T and it should have the correct magic. That way if an attachment claims to be MIME type "image/jpeg", then it must have an extension of .jpeg, jpg or jpe, AND have a magic value of 0xFFD8FFE0JFIF0x00. If it has a magic value of something else, e.g., 0x7FELF or MZ, then it should be rejected *regardless of the anti-virus scan*. A simple set of magic is: Format Magic PNG 0xD3PNG GIF GIF89a JPEG 0xFFD8FFE0JFIF0x00 ELF 0x7FELF Windows .EXE MZ /usr/share/[misc/]magic has a collected set to use with the file command (Windows users, see: http://www.alaska.net/~royce/pub/solaris/MAGIC). The pertinent aspects of the file command could be re-implemented in Java. The purpose would be to prevent someone from slipping an executable by as a non-executable, since most operating systems load by magic, not extension or MIME type. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]