anomy-list

Problems with winmail.dat

From: Stian B. Barmen (97449@xyz.molar.is)
Date: Tue 14 Oct 2003 - 11:45:37 GMT


    I have an anomy filter defanging attachments on my mail. Problem is that
    there is an accountant firm that keeps sending Outlook mail (RTF) that
    is identified as winmail.dat.

    I do not want to drop these mails though they get defanged by my
    configuration.

    Here is my config (for file dropping):

    file_list_1 = (?i)(winmail\.dat
    file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
    file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
    file_list_1_policy = drop
    file_list_1_scanner = 0

    I found this in the manual:

    It is rather important to block Microsoft application/ms-tnef files,
    which are usually named "winmail.dat". The TNEF encoding is currently
    not understood by the sanitizer, which means it can easily be used to
    smuggle malicious attachments past the sanitizer unless it is blocked.

    But the problem is when I need to let these through .. what then?

    Best regards
    Stian B. Barmen
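
An added example, not part of the original post and not the sanitizer's own code: it assembles the file_list_1 rule quoted above (assuming "+=" appends to the value, as the split regex implies) and reports, for a constructed message, which attachments the drop rule matches by name and which application/ms-tnef parts it does not match by name. The "flag-tnef" verdict and the sample file names are made up for this illustration.

```python
import re
from email.message import EmailMessage

# Drop rule from the post, in the "=" / "+=" config syntax it uses.
CONFIG = r"""
file_list_1 = (?i)(winmail\.dat
file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
file_list_1 += |asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
file_list_1_policy = drop
"""

def load_config(text):
    """Parse 'key = value' lines; '+=' appends (assumed semantics)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*(\+?=)\s*(.*?)\s*$", line)
        if m:
            key, op, val = m.groups()
            cfg[key] = cfg.get(key, "") + val if op == "+=" else val
    return cfg

def sample_message():
    """Constructed test message: four attachments with dummy payloads."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name, subtype in [("winmail.dat", "ms-tnef"), ("Letter.bin", "ms-tnef"),
                          ("invoice.pdf", "pdf"), ("setup.EXE", "octet-stream")]:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype=subtype, filename=name)
    return msg

def audit(msg, cfg):
    """Return (filename, verdict) for every attachment in the message."""
    rule = re.compile(cfg["file_list_1"])
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if rule.search(name):
            verdict = cfg["file_list_1_policy"]   # matched by file name
        elif part.get_content_type() == "application/ms-tnef":
            verdict = "flag-tnef"                 # TNEF the name rule missed
        else:
            verdict = "pass"
        report.append((name, verdict))
    return report

if __name__ == "__main__":
    for row in audit(sample_message(), load_config(CONFIG)):
        print(row)
```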


