On Thursday 04 March 2004 08:57 am, Joseph Brennan wrote: > --On Wednesday, March 3, 2004 2:53 PM -0600 James Miller > > <[EMAIL PROTECTED]> wrote: > >> We just went through the same thing and have told people we will be > >> dropping zip files until we work out a sane way of 'scanning' ones that > >> are bad. Of course the .zip item is already being deprecated by the .txt > >> virii that tell the user in the email to rename the .txt to .zip and > >> open it up and then run the application for security reasons. > > Our testing showed that clients mangle binaries sent with the .txt > extension. We believe that the clients do a newline-return translation > similar to what you get doing ftp as text. Anyway the binary does not > execute even after being renamed. I can't figure out how this exploit > would work.
Would it be possible, or desireable, to have MimeDefang check attachments to unsure they match up with the file extension? For example if someone renames a .zip to .txt then MimeDefang could identify that it was renamed, by checking "the magic", and taking action. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
