anomy-list

Content ID Revisited

From: Rick Johnson (107716@xyz.molar.is)
Date: Thu 15 Jan 2004 - 18:27:07 GMT

  • Next message: Rick Johnson: "More on Content ID Revisited"

    I posted this a while back, but we still haven't seen an answer.

    Other than allowing .com extensions, is it possible to look at filename
    instead of Content-ID for defanging?

    Embedded images are put in like:

    107807@xyz.molar.is, and the header also includes a filename
    of image.gif or image.jpg.

    Presently, the .com is detected as a filename, and subsequently dropped.

    I'm considering a rule which looks for .com, but excludes *@*.com, but doing
    that concerns me as well since it won't be long before someone exploits that
    too.

    -Rick

    -- 
    Rick Johnson, RHCE #807302311706007 - 107716@xyz.molar.is
    Linux/Network Administrator - Medata, Inc.
    PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
    



    hosted by molar.is