> -----Original Message-----
> From: Vernon Schryver [mailto:[EMAIL PROTECTED]]
> Sent: 25 July 2001 03:15
>
> [...snip...]
>
> Is there a reasonable filter that can filter what Microsoft considers
> active content?  Don't some Microsoft MUAs ignore the MIME type and
> look for what are called magic numbers in the UNIX world?  If so, the
> only reasonable way to filter Microsoft's active content is to filter
> based on "X-Mailer: Internet Mail Service."

AFAIK Windows MUAs generally decide what to do with an attachment based on
its filename rather than on its MIME type.

The full list (allegedly) of potentially executable filenames is
surprisingly long, and is an interesting wander through Windows history:

.ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta,
.inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd,
.pif, .reg, .scr, .sct, .shb, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh

[Source: Microsoft Outlook 2000 SR-1 Help 'Level 1 and Level 2 e-mail
security attachment file types']

At our site we filter on these file extensions before applying virus
filters.  I doubt you would ever want to receive any of these files 'raw'
anyway, in the normal course of business.

Cheers,

Doug.
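
Added example, not part of the original message and not the poster's actual filter: a Python sketch of the extension-based check described above, matching on the attachment filename and ignoring the declared MIME type. The function name and the sample message are constructed for illustration; the extension list is the one quoted in the message.

```python
import email
from email import policy

# Extension list exactly as quoted in the message (Outlook 2000 SR-1 help).
BLOCKED_EXTENSIONS = frozenset("""
.ade .adp .bas .bat .chm .cmd .com .cpl .crt .exe .hlp .hta .inf .ins .isp
.js .jse .lnk .mdb .mde .msc .msi .msp .mst .pcd .pif .reg .scr .sct .shb
.shs .url .vb .vbe .vbs .wsc .wsf .wsh
""".split())

def blocked_attachments(raw_message):
    """Return (filename, declared MIME type) for every part to quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Content-Disposition filename, falling back to Content-Type name.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces from file names, so strip
        # them before taking the extension. The declared type is ignored.
        cleaned = name.rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append((name, part.get_content_type()))
    return hits

# Constructed sample message (hypothetical, for illustration only).
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; name="notes.txt.vbs"

placeholder
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="photo.JPG.PIF."

placeholder
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

placeholder
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Both flagged parts declare a harmless MIME type (text/plain, image/jpeg), which is why a filter keyed on Content-Type alone would pass them.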
