[Exim] more on Navidad.exe

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MDoug S at ->
Delete this message
Reply to this message
Author: Steve Platt
Date:  
To: exim-users
Subject: [Exim] more on Navidad.exe
By the way, I should have mentioned something else about the Navidad.exe that
got past our system_filter (because message_body_visible was too small).

The message had come through a mailing list at Newcastle.ac.uk which seemed to
have run the message through some system that had filtered the MIME attachment
so that the Content-Disposition: header had been *modified* to make the
filename *not contain a dot* before the "exe"!

This might make the attachment harder to run and therefore safer BUT it does
pose a worrying question about how reliable a filename recogniser can be!

The actual change was from Navidad.exe to Navidad_exe (note the underscore).
Fortunately the Content-Type header was unchanged and would have triggered the
Exim system_filter (I think).

Steve



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] What's a reasonable value for message_body_visible?Re: [Exim] Re: About running the whole mail system as 'exim'->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)