[Esd-l] (not) mangling ".bat" files
Robert Trebula
trebula at ui42.com
Thu Jul 11 02:00:01 PDT 2002
Hi,
a client has just notified me that he received a message containing an
attachment with the name ".bat" - that is, an empty filename plus an extension
that normally should be mangled (and the message rejected).
I have verified that all messages named ".exe", ".bat" and so on bypass the
sanitizer without being defanged or marked as poisoned. Tested on the newest
html-trap.procmail.
I tried to temporarily solve the problem first by adding lines
.bat
.exe
to poisoned-files with no effect, also tried to add lines
*bat
*exe
also without effect.
I think this is a serious issue because Windows handles such files like all
other executable files.
Robert
--
Bc. Robert TREBULA
ui42 spol. s r.o.
Hrdlickova 16, 831 01 Bratislava, Slovakia
tel.: (+421) 2 5479 3646
mailto:trebula at ui42.sk
http://www.ui42.com
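
An added example, not part of the original post and not the sanitizer's own code: a filename check run over a constructed MIME message, showing how a pattern that requires at least one character before the extension misses an attachment named ".bat", beside a pattern that accepts an empty base name. The weak pattern is a hypothetical cause (the post does not identify the actual one), and the extension list, sample message and function names are assumptions.

```python
import re
from email import message_from_string

# Constructed extension list for illustration; not the sanitizer's own list.
EXECUTABLE_EXTS = ("bat", "cmd", "com", "exe", "pif", "scr")
_ALT = "|".join(EXECUTABLE_EXTS)

# Hypothetical weak check: requires at least one character before the dot.
WEAK = re.compile(r"^.+\.(?:%s)$" % _ALT, re.IGNORECASE)
# Stricter check: only the final extension matters, the base name may be empty.
STRICT = re.compile(r"\.(?:%s)$" % _ALT, re.IGNORECASE)

# Constructed sample message with three attachments.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

hello
--XX
Content-Type: application/octet-stream; name="setup.EXE"
Content-Disposition: attachment; filename="setup.EXE"

data
--XX
Content-Type: application/octet-stream; name=".bat"
Content-Disposition: attachment; filename=".bat"

data
--XX--
"""

def attachment_names(raw):
    """Return the declared file name of every MIME part that has one."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def flagged(raw, pattern):
    """Names that the given pattern treats as executable attachments."""
    return [n for n in attachment_names(raw) if pattern.search(n.strip())]

if __name__ == "__main__":
    print("weak:  ", flagged(SAMPLE, WEAK))
    print("strict:", flagged(SAMPLE, STRICT))
```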