subject:"\[Mimedefang\] curly brackets \- security risk\?"

[Mimedefang] curly brackets - security risk?

2004-06-21 Thread Chris Masters

Hi All,

I know the default extension regex does not allow open
curly brackets ('{'). I assume this is a security
feature.

What about filenames? I know they're legal in both
unix and windoze, but do they pose a security risk?

Thanks, Chris



__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo 
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] curly brackets - security risk?

2004-06-21 Thread Josh Kelley

Chris Masters wrote:
I know the default extension regex does not allow open
curly brackets ('{'). I assume this is a security
feature.
What about filenames? I know they're legal in both
unix and windoze, but do they pose a security risk?
 

Windows lets you put a classid (hexadecimal string identifying the file 
type) in curly brackets and use that as a file extension.  At least one 
virus has used this technique to hide its extension.

See http://www.geocities.com/uzipaz/eng/safe.html, item 8, for more details.
Josh Kelley
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

[Mimedefang] curly brackets - security risk?

Re: [Mimedefang] curly brackets - security risk?

2 matches

Site Navigation

Mail list logo

Footer information