Re: [Mimedefang] best practices for handling filename extensions
> -Original Message-
> I am mainly not blocking by filename extensions, but by content. I am
> blocking:

Thanks Frank. Very helpful ideas.

Michael
___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] best practices for handling filename extensions
On 04.10.17 at 21:41, Michael Fox wrote:
> The example provided in /usr/share/doc/mimedefang shows a very long list
> of extensions to be rejected.

I am mainly not blocking by filename extensions, but by content. I am blocking:

- Files with contents beginning with "MZ" (DOS EXE);
- the same inside ZIP files;
- the same inside ZIP files inside ZIP files :-)
- short or broken ZIP files;
- encrypted ZIP files with $name=~/\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$/i as member;
- zip files with *.js as member;
- several well-known spam or virus file names like Rechnung.rar etc.

Also I have built in a sqlite DB where several other conditions (HELO string, unknown recipient rate per IP, ...) are tracked for delaying or refusing certain connections.

Thanks for that great and highly customizable software, which has been reducing the amount of spam and malware for years now!

best regards,
Frank
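The content-based rules Frank lists above, as an added stand-alone Python example (not Frank's filter and not MIMEDefang code). The names `verdict` and `make_zip`, the `MAX_DEPTH` and `MAX_MEMBER` limits, and the refusal of ZIPs nested deeper than the post describes are assumptions made here; `make_zip` only builds constructed sample input.

```python
import io
import re
import zipfile
import zlib

# Member-name pattern copied from the post; the limits below are assumed values.
RISKY_NAME = re.compile(r"\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$", re.I)
MAX_DEPTH = 2                 # top-level ZIP plus one nested ZIP, as in the post
MAX_MEMBER = 8 * 1024 * 1024  # bytes read per member, bounds decompression work


def verdict(data, depth=0):
    """Return the reason an attachment body is refused, or None to accept it."""
    if data[:2] == b"MZ":
        return "DOS/Windows executable (MZ header)"
    if data[:4] != b"PK\x03\x04":       # not a ZIP local file header
        return None
    if depth >= MAX_DEPTH:
        return "ZIP nested too deeply"  # assumed policy, not stated in the post
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                encrypted = bool(info.flag_bits & 0x1)
                if info.filename.lower().endswith(".js"):
                    return "script member " + info.filename
                if encrypted and RISKY_NAME.search(info.filename):
                    return "encrypted ZIP with risky member " + info.filename
                if encrypted or info.is_dir():
                    continue  # content is unreadable without the password
                with zf.open(info) as member:
                    reason = verdict(member.read(MAX_MEMBER), depth + 1)
                if reason:
                    return "inside ZIP: " + reason
    except (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError):
        return "short or broken ZIP"
    return None


def make_zip(members, encrypted=False):
    """Build a constructed sample ZIP; optionally mark its first entry encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    raw = bytearray(buf.getvalue())
    if encrypted:  # set bit 0 of the flags field in the central directory header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)
```

Because the decision is made on the bytes, a Windows executable renamed to `readme.txt` is refused the same way as one named `setup.exe`, whether sent directly or packed in a ZIP.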
Re: [Mimedefang] best practices for handling filename extensions
On 5 Oct 2017, at 8:04, Mark Coetser wrote:

> Pretty sure the filetype matching is done by checking the actual mime type of the file not just what the file extension is, so just renaming the file will still not allow the file through.

The file "examples/suggested-minimum-filter-for-windows-clients" in the source distribution which is the ancestor of many users' /etc/mail/mimedefang-filter matches by filename extension only. This actually makes sense for Windows clients, where (at least historically) the filename extension is the only indicator known to the OS of what the filetype is.
Re: [Mimedefang] best practices for handling filename extensions
On Thu, 5 Oct 2017 14:04:59 +0200 Mark Coetser wrote:

> Pretty sure the filetype matching is done by checking the actual mime
> type of the file not just what the file extension is, so just
> renaming the file will still not allow the file through.

The sample filter doesn't do that; it only looks at the actual filename.

Some people have written code that probes the file to figure out the MIME type, but that code's not part of the MIMEDefang distribution.

Regards,
Dianne.
Re: [Mimedefang] best practices for handling filename extensions
On 05/10/2017 06:41, Michael Fox wrote:

> I'm looking to understand best practices with regard to rejecting filename extensions.
>
> The example provided in /usr/share/doc/mimedefang shows a very long list of extensions to be rejected.
>
> I know some hosted mail providers don't allow .exe. It annoys me but I just change the extension and it goes through. And I know that some providers don't allow .zip. So folks using those providers just change it to .piz and it goes through. I presume this is, indeed, a little safer, since the recipient has to take an extra step to change the extension. And, presumably, they would only do that if they knew what they were getting. But I wonder if that's just the appearance of additional security or if it's a true improvement.
>
> So, what do the folks here with much more experience than I do, and why?
>
> Thanks much,
> Michael

Pretty sure the filetype matching is done by checking the actual mime type of the file not just what the file extension is, so just renaming the file will still not allow the file through.

Thank you,
Mark Adrian Coetser
[Mimedefang] best practices for handling filename extensions
I'm looking to understand best practices with regard to rejecting filename extensions.

The example provided in /usr/share/doc/mimedefang shows a very long list of extensions to be rejected.

I know some hosted mail providers don't allow .exe. It annoys me but I just change the extension and it goes through. And I know that some providers don't allow .zip. So folks using those providers just change it to .piz and it goes through. I presume this is, indeed, a little safer, since the recipient has to take an extra step to change the extension. And, presumably, they would only do that if they knew what they were getting. But I wonder if that's just the appearance of additional security or if it's a true improvement.

So, what do the folks here with much more experience than I do, and why?

Thanks much,
Michael