anomy-list

Re: Problems with winmail.dat

From: Bjarni R. Einarsson (97547@xyz.molar.is)
Date: Wed 15 Oct 2003 - 13:25:09 GMT

  • Next message: Stian B. Barmen: "RE: Problems with winmail.dat"

    On 2003-10-14, 13:45:37 (+0200), Stian B. Barmen wrote:
    > It is rather important to block Microsoft application/ms-tnef files,
    > which are usually named "winmail.dat". The TNEF encoding is currently
    > not understood by the sanitizer, which means it can easily be used to
    > smuggle malicious attachments past the sanitizer unless it is blocked.
    >
    > But the problem is when I need to let these trough .. what then?

    Then you just let them through and hope nothing bad will happen!

     :-)

    Security is about balancing risk against usability - if blocking
    those attachments makes your system too "unusable", then that may
    be more important than security. You decide.

    Alternately, there is the tnef2multipart.pl script in the
    contrib/ directory, which may come in handy. See older messages
    in the mailing list archives for instructions on how to use it.

    > file_list_1 = (?i)(winmail\.dat
    > file_list_1 += |\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf

    To allow winmail.dat attachments, change the above two lines to
    this (I deleted everything from the 'w' to the '|'):

    > file_list_1 = (?i)(\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct|inf

    -- 
    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
     97547@xyz.molar.is                -><-              http://bre.klaki.net/
    

    Check out my open-source email sanitizer: http://mailtools.anomy.net/ Spammers, please send lots of mail to: 97678@xyz.molar.is

    Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=Juggler



    hosted by molar.is