RE: Problems with winmail.dat

From: Stian B. Barmen (
Date: Wed 15 Oct 2003 - 13:33:43 GMT

  • Next message: Marvin Herbold: "Problems with .com files..."

    Thank you very much! :)

    I know that this might adjust my security down a few notches, but it
    will still stop most virus mails (as of now at least).

    I owe you one! :)

    Best regards and thanks
    Stian B. Barmen

    -----Original Message-----
    From: Bjarni R. Einarsson []
    Sent: 15. oktober 2003 15:25
    To: Stian B. Barmen

    On 2003-10-14, 13:45:37 (+0200), Stian B. Barmen wrote:
    > It is rather important to block Microsoft application/ms-tnef files,
    > which are usually named "winmail.dat". The TNEF encoding is currently
    > not understood by the sanitizer, which means it can easily be used to
    > smuggle malicious attachments past the sanitizer unless it is blocked.
    > But the problem is when I need to let these trough .. what then?

    Then you just let them through and hope nothing bad will happen!


    Security is about balancing risk against usability - if blocking
    those attachments makes your system too "unusable", then that may
    be more important than security. You decide.

    Alternately, there is the script in the
    contrib/ directory, which may come in handy. See older messages
    in the mailing list archives for instructions on how to use it.

    > file_list_1 = (?i)(winmail\.dat
    > file_list_1 +=

    To allow winmail.dat attachments, change the above two lines to
    this (I deleted everything from the 'w' to the '|'):

    > file_list_1 =

    Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89                -><-    

    Check out my open-source email sanitizer: Spammers, please send lots of mail to:

    Was I helpful? Let others know:

    hosted by