TNEF attachments

From: Luis Miguel (
Date: Wed 23 Jun 2004 - 16:35:58 GMT

  • Next message: Andrew: "Default anomy.conf"

    Hi all, I have dome some research about this odd tnef files that outlook
    generate. I cant eliminate this files like many people does, my clients
    are using the "net folders" function on outlook to share contacts and
    use RTF mail, and of course they want to see attachments sended by anyone.

    At the same time I want this files checked against a file extension based
    policy and scaned for viruses.

    One interesting thing to note is that outlook doesnt look for a "winmail.dat"
    file, the common name for a tnef attachment, it look for a content type
    "application/ms-tnef", so blocking winmail.dat (like sanitizer does by default)
    doesnt give you ANY aditional security. Any file can be a tnef attach with
    the correct content-type, even a file like "thing.jpg"

    The only way to stop/filter this attachments is looking at the content type,
    one thing (AFAIK) sanitizer cant do at the moment (v1.68).

    As a workaround solution I created a wrapper for clamav, it will check if the file is a
    TNEF, extract the encapsulated files and check this against a file extension policy, then scan
    +for viruses, if the file isnt a tnef is scanned directly for viruses.

    If anyone is interested:

    Please tell me if anyone have a better way to do it, or if I am wrong with something.

    Sorry for my bad english.


    hosted by