Re: [Exim] Generic VBS script detection

Author: Vadim Vygonets
Date:  
To: Exim
Subject: Re: [Exim] Generic VBS script detection
Quoth Jeffrey Goldberg on Fri, May 05, 2000:
> On May 4, 2000 Vadim Vygonets <vadik@???> wrote:
> > It's better to filter by matching the Content-Type:
> > header-thingie, methinks.
>
> 'Fraid not. The content-type of these things is application/octet-stream
>
> The whole thing relies on the fact that some clients when receiving
> attachments pay more attention to the file name than they do to the
> content-type.


Let me ask you to repeat this again, please. You mean that the
mailer software pays more attention to the so-called "extension"
of the file name than to content-type? You mean that if the file
is called "something.exe" and the content-type is text/plain, it
will still execute it as a DOS program?

> application/octet-stream
> Name "File.txt"


Well, AFAIK, application/octet-stream is almost meaningless. It
means "I'm a miscellaneous binary file" or something like this.
No mailer in its right state of mind will try to do _anything_
with application/octet-stream, except maybe showing it as text
when really beaten upon.

But it seems to me that this implies that Microsoft mailers also
send out stuff with broken content-type, right?

> This is the bit of psychology that this worm relies on. Now if people use
> mailers which respect content-type properly and/or which display the full
> file names if the system will rely on that for what to do, then we
> wouldn't have this problem at this scale.


If we didn't have MS-DOS, we wouldn't have MS-DOS viruses. Well,
I personally don't think that these people will ever learn. Oh,
and MS-DOS is a registered trademark of Microsoft corporation,
BTW.

Vadik.

-- 
Yes, you can get an account if you promise not to wear ties
anymore.
    -- Unknown sysadmin, 1998-10-27.
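The detection point argued over in this exchange, as an added example that is not code from the thread, from Exim, or from either poster: a rule that keys on Content-Type never fires on these attachments, because the worm declares application/octet-stream, while a rule that keys on the filename the receiving client will act on (the last extension, so "README.TXT.vbs" counts as .vbs) does. The sample message, the extension list and the list of "script" content types are constructed assumptions; the code uses only Python's standard email package and checks both Content-Disposition filename and the Content-Type name parameter, which is the header the quoted fragment shows.

```python
import email
import os
from email import policy

# Constructed sample message (not from the original thread). The first
# attachment has a deceptive double extension and a meaningless content
# type; the second is a harmless text file declared the same way.
SAMPLE_MESSAGE = b"""\
From: sender@example.org
To: victim@example.org
Subject: check this
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

kindly check the attached file.
--b1
Content-Type: application/octet-stream; name="README.TXT.vbs"
Content-Disposition: attachment; filename="README.TXT.vbs"

MsgBox "constructed sample, not a real payload"
--b1
Content-Type: application/octet-stream; name="report.txt"
Content-Disposition: attachment; filename="report.txt"

plain text report
--b1--
"""

# What a content-type based rule would have to look for (assumed list).
# Nothing in SAMPLE_MESSAGE carries any of these, which is the point.
SCRIPT_CONTENT_TYPES = {
    "application/x-vbs", "text/vbscript", "application/x-javascript",
}

# Extensions a Windows client of that era would hand to a script host
# or loader regardless of the declared type (assumed list).
SCRIPT_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
    ".exe", ".scr", ".pif", ".bat", ".com",
}


def parse(raw):
    """Parse raw message bytes with the modern (RFC 2231/2047 aware) policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def attachment_names(msg):
    """Return (content_type, filename) for every leaf part carrying a name.

    get_filename() reads Content-Disposition's filename= and falls back to
    Content-Type's name=, so a part announced only as
    'application/octet-stream; name="File.txt"' is still seen.
    """
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            names.append((part.get_content_type(), name.strip()))
    return names


def flagged_by_content_type(msg):
    """Names of attachments whose declared type is a known script type."""
    return [name for ctype, name in attachment_names(msg)
            if ctype in SCRIPT_CONTENT_TYPES]


def flagged_by_filename(msg):
    """Names of attachments the client would execute, judged by the LAST
    extension, which is what the receiving system actually dispatches on."""
    flagged = []
    for _ctype, name in attachment_names(msg):
        ext = os.path.splitext(name)[1].lower()
        if ext in SCRIPT_EXTENSIONS:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    m = parse(SAMPLE_MESSAGE)
    print("attachments:       ", attachment_names(m))
    print("by content-type:   ", flagged_by_content_type(m))
    print("by filename:       ", flagged_by_filename(m))
```

Run stand-alone it shows the content-type rule returning nothing and the filename rule returning only the .vbs, with report.txt left alone even though it has the identical Content-Type. In a real filter the filename rule is the one to deploy; it is also the one to case-fold, since Windows treats .VBS and .vbs alike.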