Author: Chris Lightfoot
Date:
To: exim-users
Subject: Re: [exim] caution to those blocking files by extension

Historically Windows has been very enthusiastic about
executing files that you mightn't expect it to. (E.g. you
can create a PE file with a .pif extension which the shell
will execute; and you can switch on the POSIX execute bit
for a file of arbitrary extension and cmd.exe would
execute *that*, or at least it would under NT4.)

I would have thought identifying attachments as being PE
executables would be a much better approach than testing
the extension, and probably not very much more expensive
(since if you can test the extension and therefore have
the headers of the relevant MIME part you probably have
access to its body as well). GNU file(1) recognises PE
executables OK (though a look at the magic file suggests
that actually the way they do it would be easy to evade so
better to write a little program to do it, I think; it's
probably doable as a regex on the base64 version of the
data).
--
``Last year, there were 45,000 fewer victims of crime
-- help us make it more this year.'' (advertisement by Birmingham Police)
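
The content-based check suggested in the message above, as an added example that is not part of the original post: it decodes each MIME part and reports those whose body is a PE image, following the DOS header's e_lfanew field to the "PE\0\0" signature instead of trusting the filename. The function names, addresses and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew
    field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Slicing past the end yields b"", so a bogus offset is simply "not PE".
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def pe_attachments(raw: bytes) -> list:
    """Filenames of all leaf MIME parts whose decoded body is a PE image,
    regardless of extension or declared Content-Type."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / QP
        if is_pe(body):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def sample_pe() -> bytes:
    # Constructed sample: DOS header plus PE signature only, not a program.
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
    return dos.ljust(0x80, b"\x00") + b"PE\x00\x00" + b"\x00" * 20

def build_sample_message() -> bytes:
    # Constructed message: a PE body named .jpg, and a non-PE body named .exe.
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed test"
    msg.set_content("see attached")
    msg.add_attachment(sample_pe(), maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"MZ" + b"A" * 100, maintype="application",
                       subtype="octet-stream", filename="note.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    print(pe_attachments(build_sample_message()))
```

An extension test would pass holiday.jpg and flag note.exe; the content test does the reverse.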