Historically Windows has been very enthusiastic about executing files that you mightn't expect it to. (E.g. you can create a PE file with a .pif extension which the shell will execute; and you can switch on the POSIX execute bit for a file of arbitrary extension and cmd.exe would execute *that*, or at least it would under NT4.)
I would have thought identifying attachments as being PE executables would be a much better approach than testing the extension, and probably not very much more expensive (since if you can test the extension and therefore have the headers of the relevant MIME part you probably have access to its body as well). GNU file(1) recognises PE executables OK (though a look at the magic file suggests that actually the way they do it would be easy to evade so better to write a little program to do it, I think; it's probably doable as a regex on the base64 version of the data). -- ``Last year, there were 45,000 fewer victims of crime -- help us make it more this year.'' (advertisement by Birmingham Police) -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
