[Esa-l] TNEF encoding a "big gaping hole?" :)
Brett Glass
brett at lariat.org
Sun Nov 5 17:05:28 PST 2000
The Sanitizer should have an option to strip TNEF attachments. As
Microsoft writes at
http://www.eudora.com/techsupport/kb/1552hq.html
TNEF attachments can contain active content such as OLE objects,
and can also embed attachments in other formats -- including
worms and viruses.
Microsoft Outhouse Express always discards TNEF attachments, and
Microsoft Expunge Server has a built-in option to do so.
It doesn't make sense to quarantine messages with them, but it does
make sense to strip them out silently. A few minor (and possibly
exploitable) Outhouse features, such as voting, won't work if
this is done, but it's better than letting a worm slip by.
--Brett
At 04:30 PM 11/5/2000, Bjarni Runar Einarsson wrote:
>Hi!
>
>I just wanted to post a "heads up", for those of you who aren't paranoid
>yet about those winmail.dat files. I apologize if this is old news or
>already handled by the sanitizer...
>
>Anyway, according to Microsoft's web site winmail.dat files or
>application/ms-tnef files can contain all sorts of evil stuff, including
>complete attachments. So I'm advising people to put winmail.dat on their
>blacklists - and if John agrees and hasn't already, he should consider
>mangling the MIME type as well, since it may suffice even without the file
>name.
>
>P.S. I'm writing this from memory, and the MIME type may not be
>"application/ms-tnef". Go check in the Microsoft knowledge base what to
>block before blocking anything.
>
>--
>Bjarni R. Einarsson PGP: 02764305, B7A3AB89
> bre at netverjar.is -><- http://bre.klaki.net/
>
>Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/
>_______________________________________________
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esa-l
More information about the esd-l
mailing list