Cormack, Ken wrote:
I have a user complaining about the fact that MIMEDefang strips .vcf's from
emails, and I'm not sure what answer to give.  Are .vcf's a vector for some
kind of attack?  Or is there a knowledgebase article somewhere that
describes problems with allowing .vcfs in emails?

Also, look out for .vcfs with the person's email address in the filename. If you have "[EMAIL PROTECTED]" it'll trigger even the default filters.

Whenever an attachment triggers filter_bad_filename I follow it up with a check against File::MMagic. I recheck the extension and compare it against those results so files like "Example.com Proposal.doc" can get through. In this case, if the filename ends in .vcf I look for a magically-determined MIME type of text/plain or text/x-vcard.

Filtering dangerous file types would be a lot easier if .com hadn't been both a DOS executable extension and a top-level domain name. Or if Windows had dropped support for .com files. Or if domain names and filenames used a different delimiter. Or if all the major operating systems used something sensible like MIME types or old-school Macintosh creator/document types -- something in the metadata -- instead of file extensions.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
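
The follow-up check described in the reply above, sketched as a stand-alone Perl script (an added example, not the poster's filter or MIMEDefang's own code). `looks_bad` is a hypothetical stand-in for `filter_bad_filename`, the extension list and sample attachments are constructed, and `File::MMagic` must be installed from CPAN.

```perl
use strict;
use warnings;
use File::MMagic;    # the CPAN module named in the post

# Content types accepted per extension; the .vcf pair comes from the post.
my %expected = ( vcf => [ 'text/plain', 'text/x-vcard' ] );
my $mm = File::MMagic->new;

# Hypothetical stand-in for filter_bad_filename (assumed extension list).
# It flags a risky extension anywhere in the name, so an address such as
# "jane@example.com.vcf" trips on ".com" as well as on ".vcf".
sub looks_bad {
    my ($name) = @_;
    return $name =~ /\.(?:com|exe|pif|scr|bat|vcf)\b/i ? 1 : 0;
}

# Returns 'accept' or 'reject' for one attachment (filename, raw content).
sub verdict {
    my ( $name, $data ) = @_;
    return 'accept' unless looks_bad($name);

    # Second opinion: take the final extension only and compare it with
    # the type File::MMagic derives from the bytes themselves.
    my ($ext) = $name =~ /\.([^.]+)$/;
    my $allowed = $expected{ lc( $ext // '' ) }
        or return 'reject';    # no rule for this extension: stay strict
    my $type = $mm->checktype_contents($data);
    return ( grep { $_ eq $type } @$allowed ) ? 'accept' : 'reject';
}

# Constructed samples: a real vCard, and binary data renamed to .vcf.
my $vcard = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Jane Example\r\n"
          . "EMAIL:jane\@example.com\r\nEND:VCARD\r\n";
my $binary = "MZ" . ( "\x90\x00\x03\x00" x 64 );

for my $case (
    [ 'jane@example.com.vcf', $vcard ],     # flagged by name, content is text
    [ 'card.vcf',             $binary ],    # flagged by name, content is not text
    [ 'notes.txt',            "hello\n" ],  # never flagged
) {
    printf "%-24s %s\n", $case->[0], verdict(@$case);
}
```

Extensions without an entry in `%expected` stay rejected once the name is flagged, so each file type let through this way has to be listed together with the content types it is allowed to have.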