--On Monday, June 22, 2009 5:59 PM -0700 John Hardin <jhar...@impsec.org>
wrote:
On Mon, 22 Jun 2009, Cerebus wrote:
The zip file contains a file with the name:
document.pdf .exe
(note the long run of spaces)
My security sanitizer would quarantine that.
http://www.impsec.org/email-tools/procmail-security.html
As would MIMEDefang. http://mimedefang.org/
The danger is for those users who have filter bypasses configured, as the
spaces might make it hard to spot the extra extension. Also, Windows by
default hides extensions so even without the spaces many would miss the
.exe on the end. (Hiding extensions is one of the first things I disable on
a new Windows installation. Alas, it's a PITA to make that a global
inherited setting for new users.)
OTOH, the next time you send a notice out to a mailing list and you want to
guarantee that people read it, put it in an attachment named
NakedPics.jpg.txt. (I also suggest renaming README files to PORN.)
