On 2003-10-14, 13:45:37 (+0200), Stian B. Barmen wrote:
> It is rather important to block Microsoft application/ms-tnef files,
> which are usually named "winmail.dat". The TNEF encoding is currently
> not understood by the sanitizer, which means it can easily be used to
> smuggle malicious attachments past the sanitizer unless it is blocked.
>
> But the problem is when I need to let these trough .. what then?
Then you just let them through and hope nothing bad will happen!
:-)
Security is about balancing risk against usability - if blocking
those attachments makes your system too "unusable", then that may
be more important than security. You decide.
Alternately, there is the tnef2multipart.pl script in the
contrib/ directory, which may come in handy. See older messages
in the mailing list archives for instructions on how to use it.
> file_list_1 = (?i)(winmail\.dat
> file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
To allow winmail.dat attachments, change the above two lines to
this (I deleted everything from the 'w' to the '|'):
> file_list_1 = (?i)(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf
-- Bjarni R. Einarsson PGP: 02764305, B7A3AB89 97547@xyz.molar.is -><- http://bre.klaki.net/Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send lots of mail to: 97678@xyz.molar.is
Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=Juggler