Chris Masters wrote:
Windows lets you put a classid (hexadecimal string identifying the file type) in curly brackets and use that as a file extension. At least one virus has used this technique to hide its extension.I know the default extension regex does not allow open curly brackets ('{'). I assume this is a security feature.
What about filenames? I know they're legal in both
unix and windoze, but do they pose a security risk?
See http://www.geocities.com/uzipaz/eng/safe.html, item 8, for more details.
Josh Kelley _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
