Author: Steve Platt Date: To: exim-users Subject: [Exim] more on Navidad.exe
By the way, I should have mentioned something else about the Navidad.exe that
got past our system_filter (because message_body_visible was too small).
The message had come through a mailing list at Newcastle.ac.uk which seemed to
have run the message through some system that had filtered the MIME attachment
so that the Content-Disposition: header had been *modified* to make the
filename *not contain a dot* before the "exe"!
This might make the attachment harder to run and therefore safer BUT it does
pose a worrying question about how reliable a filename recogniser can be!
The actual change was from Navidad.exe to Navidad_exe (note the underscore).
Fortunately the Content-Type header was unchanged and would have triggered the
Exim system_filter (I think).
This message was posted to the following mailing lists: