Author: Alan J. Flavell Date: To: Exim users list Subject: [Exim] "url" on the generic Windows filter hit-list
Having used one or other version of the generic Windows hit-list for
some time with general success, there's been a sudden outbreak of
bona-fide senders of .url attachments, which have of course gotten
bounced by our filter.
One in particular comes as an automated response from a conference
booking system, whose daemon sends the booking confirmation along with
a rather important URL. Since the system is not under our control we
have little alternative than to let it through. The others were quite
unrelated, and I don't know why a whole batch of them should have hit
within less than a week, whereas we've been running for many months
without problems.
Anyhow, I thought I might enquire what particular vulnerability is
involved in this kind of attachment, so as to help reach a view on how
important it is to block it, or how widely we could let it past.