[Exim] more on Navidad.exe

Top Page

Reply to this message
Author: Steve Platt
To: exim-users
Subject: [Exim] more on Navidad.exe
By the way, I should have mentioned something else about the Navidad.exe that
got past our system_filter (because message_body_visible was too small).

The message had come through a mailing list at Newcastle.ac.uk which seemed to
have run the message through some system that had filtered the MIME attachment
so that the Content-Disposition: header had been *modified* to make the
filename *not contain a dot* before the "exe"!

This might make the attachment harder to run and therefore safer BUT it does
pose a worrying question about how reliable a filename recogniser can be!

The actual change was from Navidad.exe to Navidad_exe (note the underscore).
Fortunately the Content-Type header was unchanged and would have triggered the
Exim system_filter (I think).