[Mimedefang] curly brackets - security risk?
Hi All, I know the default extension regex does not allow open curly brackets ('{'). I assume this is a security feature. What about filenames? I know they're legal in both unix and windoze, but do they pose a security risk? Thanks, Chris __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] curly brackets - security risk?
Chris Masters wrote: I know the default extension regex does not allow open curly brackets ('{'). I assume this is a security feature. What about filenames? I know they're legal in both unix and windoze, but do they pose a security risk? Windows lets you put a classid (hexadecimal string identifying the file type) in curly brackets and use that as a file extension. At least one virus has used this technique to hide its extension. See http://www.geocities.com/uzipaz/eng/safe.html, item 8, for more details. Josh Kelley ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang