Author: Peter Velan Date: To: exim-users Subject: Re: [exim] caution to those blocking files by extension
am 2006-11-04 14:37 schrieb John Hall: > On 11/4/06, Peter Velan <pv0001@???> wrote:
>
>> >> Will windoze execute a file that ends in dot-space-space-space-exe ?
>> >> dosent the os see this as NOT ending in .exe
>> >
>> > I think that windows will happily exec the file, but I don't have a
>> > machine to test on.
>>
>> You are right - WindowsXP with shell cmd.exe:
>>
>> C:\>"xxx. exe" --- will "happily" be executed.
>
> Except your average user is not going to extract the file from the zip
> file and then launch a command prompt in order to run it.
There was no mention of a .zip in the original posting ;-) But, you are
right with:
> If you
> simply double-click the file, Windows does not appear to be willing to
> execute it.
The real danger ist an old, unpatched client which opens an attachment
without users intervention. Wasn't there some problems with .lnk or .pif
or something else in the past? What kind of mechanism was involved in
these cases? I'm sure it was not the "shell" named "Windows Explorer"
with its doubleclicking technique.