Warning: Microsoft TNEF and winmail.dat

From: Bjarni Runar Einarsson (
Date: Fös 03 Nóv 2000 - 16:15:04 UTC

Hi all,

It was just brought to my attention that there is yet another common
encoding used for email in Microsoft environments - Microsoft TNEF.

This protocol essentially involves embedding all the interesting stuff
(attachments, weird MS features, etc) into a single file named
winmail.dat, which is then attached using MIME or uuencode.

Since the winmail.dat file isn't currently recognized by the
sanitizer as anything special, the attachments embedded in it aren't
subject to the rules defined in your policy. I'll hopefully be able
to address this in a future update of the sanitizer (it is now on my
mental TODO RSN list), but until then you might want to put
winmail.dat in a high priority rule of it's own so it gets mangled or
even dropped when it passes through the sanitizer.

Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89              -><-   

Netverjar gegn ruslpósti:

-- This mailing list's home page is: There you can find subscription instructions and possibly an archive. is a free Icelandic mailing list service.

hosted by