David F. Skoll said: > On Wed, 25 Aug 2004, Ian Mitchell wrote: > >> Due to the some of the advisories of late regarding exploitations in >> libpng on many *nix's I've added png files to my listing of excluded >> attachments in the mimedefang-filter file. I would like to see if it can >> be added in the next release as a standard. > > I don't think so; that would cause way too many complaints. > New installations of MIMEDefang don't overwrite your filter, so you > can maintain a local version that doesn't allow PNGs. > My threat analysis indicates this is not a problem. I researched this for a few hours. I don't think it's necessary to block png files. I don't see png files as a real exploitable threat vector.
-- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang