anomy-list

Content ID Revisited

From: Rick Johnson (107716@xyz.molar.is)
Date: Thu 15 Jan 2004 - 18:27:07 GMT

Next message: Rick Johnson: "More on Content ID Revisited"

Previous message: henry j. mason: "Sanitizer truncating spam subjects"
Next in thread: Rick Johnson: "More on Content ID Revisited"
Reply: Rick Johnson: "More on Content ID Revisited"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

I posted this a while back, but we still haven't seen an answer.

Other than allowing .com extensions, is it possible to look at filename
instead of Content-ID for defanging?

Embedded images are put in like:

107807@xyz.molar.is, and the header also includes a filename
of image.gif or image.jpg.

Presently, the .com is detected as a filename, and subsequently dropped.

I'm considering a rule which looks for .com, but excludes *@*.com, but doing
that concerns me as well since it won't be long before someone exploits that
too.

-Rick

-- 
Rick Johnson, RHCE #807302311706007 - 107716@xyz.molar.is
Linux/Network Administrator - Medata, Inc.
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc

Next message: Rick Johnson: "More on Content ID Revisited"
Previous message: henry j. mason: "Sanitizer truncating spam subjects"
Next in thread: Rick Johnson: "More on Content ID Revisited"
Reply: Rick Johnson: "More on Content ID Revisited"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

hosted by molar.is