Re: Problems with winmail.dat

From: Bjarni R. Einarsson (
Date: Wed 15 Oct 2003 - 13:25:09 GMT

  • Next message: Stian B. Barmen: "RE: Problems with winmail.dat"

    On 2003-10-14, 13:45:37 (+0200), Stian B. Barmen wrote:
    > It is rather important to block Microsoft application/ms-tnef files,
    > which are usually named "winmail.dat". The TNEF encoding is currently
    > not understood by the sanitizer, which means it can easily be used to
    > smuggle malicious attachments past the sanitizer unless it is blocked.
    > But the problem is when I need to let these trough .. what then?

    Then you just let them through and hope nothing bad will happen!


    Security is about balancing risk against usability - if blocking
    those attachments makes your system too "unusable", then that may
    be more important than security. You decide.

    Alternately, there is the script in the
    contrib/ directory, which may come in handy. See older messages
    in the mailing list archives for instructions on how to use it.

    > file_list_1 = (?i)(winmail\.dat
    > file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf

    To allow winmail.dat attachments, change the above two lines to
    this (I deleted everything from the 'w' to the '|'):

    > file_list_1 = (?i)(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf

    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89                -><-    

    Check out my open-source email sanitizer: Spammers, please send lots of mail to:

    Was I helpful? Let others know:

    hosted by