On Mon, 12 Dec 2016 12:38:06 -0500
"Kevin A. McGrail" <[email protected]> wrote:
> Seeing some fake invoice/in the wild garbage with .dzip extension
> getting through today.
> If you are doing some extension blocking, etc. might want to take a
> look.
Yes, we're seeing those too... they're doing something a bit shady
with the MIME headers:
--------84EAFC6DBD7EE2A3AD2D7D6BED
Content-Type: application/zip; name="Ord04690075.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Ord04690075.dzip"
Luckily, our code looks for all possible filenames, so it finds the .zip
and the .dzip version, does the zip processing and rejects because of the
embedded .js
Huh!
Regards,
Dianne.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
