I have sent this to both support and the lists previously, and it is a long-term known issue, and it should be easy enough to work around.  It needs to be fixed.

The problem is that Declude detects anything with a "com" extension as being a COM file.  Unfortunately when Internet Explorer attaches a Web page that ends with ".com", or when you forward an E-mail in Netscape, it uses the subject as the file name, and if you end in ".com", or for that matter, any other banned extension (.exe, .bat, .pif, etc.) then Declude treats it like a banned file.

I get false positives on this stuff all the time, but today I just realized that my own E-mail was being 86'd whenever I was forwarding something that ended in ".com".  This makes banned extensions very problematic, and there is no reasonable method of reviewing such messages for false positives, so I am afraid to say that they mostly go missed.

This is entirely fixable.  The types of attachments are clearly not executable files despite the name.  An exception should be made for both types with all banned extensions.  The example below shows the construct of a MIME header that has a ".com" extension that Declude blocks:

------=_NextPart_001_03E9_01C55C92.CCFBC5C0
Content-Type: application/octet-stream;
    name="c.gif?NC=1255&NA=1154&PS=73838&PI=7329&DI=305&TP=http%3a%2f%2fmsnbc.msn.com%2f"
Content-Transfer-Encoding: base64
Content-Location: http://c.msn.com/c.gif?NC=1255&NA=1154&PS=73838&PI=7329&DI=305&TP=http%3a%2f%2fmsnbc.msn.com%2f

To construct this exception, one should understand that they are always "Content-Type: application/octet-stream", and the "name" always matches the "Content-Location" with the exception of "http://".

The following shows an example of a message attachment in Thunderbird (and all other Mozilla clients):

--------------070203060502050101090601
Content-Type: message/rfc822;
 name="MailPure Filtering Service Instructions - example.com"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="MailPure Filtering Service Instructions - example.com"

In this case one only needs to know that something that comes as "Content-Type: message/rfc822;" and "Content-Disposition: inline;" is clearly not a virus.  Mail clients display such messages inline.

Note that this isn't limited to just ".com", but it is the most common that is blocked by banned extensions if you have "COM" listed.  The above Subject for instance could have said "What are your thoughts on Declude.exe", and that would have been blocked if it was forwarded.

I suppose that it is possible that one or both of these things could be exploited, but they aren't currently, they are unlikely to be, and there is a very real issue with blocking files that shouldn't be blocked.  I am afraid to say that extension blocking is not reliable.  It could be made reliable, and this issue has been known for a long time, but it's still here.

Please, please, please fix this.

Thanks,

Matt
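
The two exceptions proposed in the message above, written out as an added example (not part of the original post and not Declude's code): Python's standard email parser classifies each named MIME part. The function names, verdict strings and sample message are constructed for illustration; the extension list is the four named in the post, and the name check is the literal reading of "Content-Location" minus "http://".

```python
from email import message_from_string

BANNED = (".com", ".exe", ".bat", ".pif")  # the extensions named in the post

def classify(part):
    """Verdict for one named MIME part under the post's two exceptions."""
    name = part.get_filename() or ""
    if not name.lower().endswith(BANNED):
        return "allow"
    ctype = part.get_content_type()
    # Exception 1: forwarded message that mail clients display inline.
    if ctype == "message/rfc822" and part.get_content_disposition() == "inline":
        return "exempt-forwarded-message"
    # Exception 2: name equals Content-Location with "http://" removed.
    loc = part.get("Content-Location", "").strip()
    if ctype == "application/octet-stream" and loc == "http://" + name:
        return "exempt-web-resource"
    return "block"

def scan(raw):
    msg = message_from_string(raw)
    return [(p.get_filename(), classify(p)) for p in msg.walk() if p.get_filename()]

# Constructed sample: web page part, forwarded message, real .com attachment.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream;
    name="news.example.com"
Content-Location: http://news.example.com

--b1
Content-Type: message/rfc822;
 name="Filtering Instructions - example.com"
Content-Disposition: inline;
 filename="Filtering Instructions - example.com"

Subject: Filtering Instructions - example.com

forwarded text
--b1
Content-Type: application/octet-stream; name="setup.com"
Content-Disposition: attachment; filename="setup.com"

--b1--
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```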


