[Esa-l] attachments being renamed.
Lee Howard
faxguy at deanox.com
Tue Feb 13 17:34:06 PST 2001
At 12:51 PM 2/13/01 -0800, John D. Hardin wrote:
>On Tue, 13 Feb 2001, Lee Howard wrote:
>
>> Do I change the Content-Type line to read?:
>>
>> Content-Type: image/tiff; name="FAX from $info{sender} at $info{received}"
>
>Add ".tif" onto the end and that would fix it.
Works great now, thanks.
>> >Interesting that you're seeing "default.tif". The sanitizer just
>> >inserts "default" with no extension. Maybe it's not a good defense
>> >against social engineering if the mail client insists on adding an
>> >extension...
>>
>> Hrmmm... I'm using that darn Outlook Express in this particular
>> case. Does that mean that if the Content-Type line had been
>> something like application/vbs that it would have "gotten around"
>> the sanitizer?
>
>Maybe - I'd appreciate it if you'd try it and see if it does...
I changed the Content-Type: line to application/vbs and ended up getting no
filename extension at all, the attachement was called "default". So I
guess there's no apparent hole. It may be a good idea, however, to look
into the list of extensions that OE will automagically assign to an
attachment based on the Content-Type entry with no filename.
Thanks again.
Lee.
More information about the esd-l
mailing list