At 20:29 +1300 22-03-2011, Jason Haar wrote: >On 03/17/2011 10:41 PM, Salvatore Toribio wrote: >> Hi >> >> I have done a quick check to the code in the current version and I >> didn't find anything that would block an 'exe' file if you changed >> the extension... >> > >There is definitely code to do that. However, if Ethy has disabled it >via "--fix-mime 1" (or otherwise turning $BAD_MIME_CHECKS below the >default value of "2"), then it won't trigger > >I've just tested it - it works with "fix-mime" set to the default value >of 2. I sent a "Content-Type: image/XXX" email with "notepad.gif" - >which was an executable - it was blocked.
Hi Jason I have tested it before posting to the list. I have $BAD_MIME_CHECKS='2' but the attachment is passing through with the extension 'txt'... I found the code, sorry. Eudora for MacOSX is doing something by its own, it doesn't rely on the extension to set the content-type, so the check is not matching: --============_-911336969==_============ Content-Id: <a06240804c9ae19d24a6c@[10.10.82.254].0.0> Content-Type: application/octet-stream; name="SetupERunAs.txt" Content-Disposition: attachment; filename="SetupERunAs.txt" Content-Transfer-Encoding: base64 Tue, 22 Mar 2011 10:38:47 CET:29470/29465: w_c: attachment 2: Content-Type of application/octet-stream found Tue, 22 Mar 2011 10:38:47 CET:29470/29465: w_c: base64 looks like a Windows executable, filename=setuperunas.txt,type=application/octet-stream REgards ST ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
