[Exim] more on Navidad.exe

Góra strony
Delete this message
Reply to this message
Autor: Steve Platt
Data:  
Dla: exim-users
Temat: [Exim] more on Navidad.exe
By the way, I should have mentioned something else about the Navidad.exe that
got past our system_filter (because message_body_visible was too small).

The message had come through a mailing list at Newcastle.ac.uk which seemed to
have run the message through some system that had filtered the MIME attachment
so that the Content-Disposition: header had been *modified* to make the
filename *not contain a dot* before the "exe"!

This might make the attachment harder to run and therefore safer BUT it does
pose a worrying question about how reliable a filename recogniser can be!

The actual change was from Navidad.exe to Navidad_exe (note the underscore).
Fortunately the Content-Type header was unchanged and would have triggered the
Exim system_filter (I think).

Steve