Hello,
I'm just curious: I've started logging the filename of the attachments, in
order to come along a problem with invalid filenames we have.
Some of the filenames contain a path.
Here is a snippet:
Content-Type: text/html;
name*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
In this particular sample, the path (well, the complete filename)
Joseph Brennan wrote:
That's not the only thing strange. Why does this have '*0=' for '=',
a pipe after 'C', and '~' (as %7E) in odd places?
The *0= is part of the most stupid, ill-conceived, security-hole-ridden
RFC I've ever had the displeasure to read:
http://www.ietf.org/rfc/rfc2231.txt
[EMAIL PROTECTED] wrote on 01/19/2006 10:27:15 AM:
Content-Type: text/html;
name*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
In this
On Wed, 2006-01-18 at 21:15 -0800, Wesley Peters wrote:
Please note that if you're running FreeBSD, moving to
a 'ram disk' won't help and will likely hurt. Make sure
your /var/spool filesystem has softupdates enabled.
You may want to try the 'noatime' option as well.
Out of curiosity, why
[EMAIL PROTECTED] wrote:
Even SpamAssassin shouldn't require locking unless the Berkeley DB
file is being written to. If it's only being read, then concurrent
access shouldn't be a problem.
Most bayesian analyses result in a write to add the new tokens and
update the token counts.
But I
On 1/18/2006 12:44, [EMAIL PROTECTED] wrote:
It looks like a new virus spreads using (among others) .mim files...
I've never heard of that extension. Is it a windows executable or outlook
script of some kind?
~Jason
--
___
NOTE: If there is a
-Original Message-
From: Jason Gurtz
I've never heard of that extension. Is it a windows
executable or outlook script of some kind?
I hadn't either. Google found this:
http://www.seniormag.com/compcorner/definitions/ext/biglistm.htm
Which says:
MIM
A multipart file in the
It looks like a new virus spreads using (among others) .mim files...
I've never heard of that extension. Is it a windows
executable or outlook script of some kind?
It’s a MIME-encoded file which is of type message/rfc822, so presumably you
can embed anything you want into it, and watch it
[EMAIL PROTECTED] wrote:
3) Atomically rename database.db.new to database.db
Can you enlighten me on what Atomically rename means?
On Linux, type:
man 2 rename
From that man page:
If newpath already exists it will be atomically replaced (subject to a
few conditions - see ERRORS
[EMAIL PROTECTED] wrote on 01/19/2006 12:30:47 PM:
3) Atomically rename database.db.new to database.db
Can you enlighten me on what Atomically rename means? How is that
different than just a mv command. I can understand that a process that
opened the file under the old name is still going
Mark Damrose wrote:
The files in a multipart MIM file can be opened
(unarchived and separated into individual files) using Winzip or a
similar program.
Indeed, WinZip takes over that file extension when installed.
I don't know offhand whether XP's built-in zip decompressor handles .mim files,
Paul Murphy wrote:
Definitely one for the banned list now...
For the paranoid, I have a fairly thorough list of compressed file extensions
here:
http://www.mimedefang.com/kwiki/index.cgi?BadFilenameExtensions
For the record:
zip rar sit cpt hqx ace bz bz2 iso lha r00 r01 r02 r03 r04 r05 r06
On 1/19/2006 13:12, Damrose, Mark wrote:
MIM
A multipart file in the Multi-Purpose Internet Mail Extensions (MIME)
format; often created as the result of sending e-mail with attachments in
AOL. The files in a multipart MIM file can be opened (unarchived and
separated into individual files)
[EMAIL PROTECTED] wrote:
[about dangerous filename extensions]
Even better: I have a regular expression that matches filenames that
could be a security problem on Windows:
.*
(Sorry, but I've come to the conclusion that it's simply irresponsible
to use Windows on a machine with
On Thu, 2006-01-19 at 12:30, [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote on 01/19/2006 12:30:47 PM:
3) Atomically rename database.db.new to database.db
Can you enlighten me on what Atomically rename means? How is that
different than just a mv command. I can understand that a
Jason Gurtz wrote:
I looked and this windows box doesn't have mim as a registered file type.
Seems like it isn't too big of a deal unless clients are using aol. I
guess if our policy dictated blocking .zip and other archives then I would
block this too.
My WinXP Pro machine at work has the
Hi David,
First question: do you have /var/spool/MIMEDefang on a RAMdisk? If not,
fix it now!
Next: It looks like you have 512MB of memory. You don't want to increase
MX_MAXIMUM much beyond around 20, or the server will start swapping.
I think moving /var/spool/MIMEDefang onto a RAMdisk
Max Size of Emails * Number of MD threads = Ram Disk
so for a 10mb Email size
and 15 threads it would be 150mb (+a few mb for the heck of it - but you get
the idea)
Cheers
Mack
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lisa
Casey
Sent: 19 January
Lisa Casey wrote:
I think moving /var/spool/MIMEDefang onto a RAMdisk is a good idea. I've
not set up a RAMdisk before, but I've done some googling and think I can
get it done.
Question: I have 512 MG RAM on the system. Say I decrease MX_MAXIMUM to
15, how big should I make the RAMdisk?
Ben Kamen wrote:
Well, if you're doing enough traffic, you should make the ramdisk at
least as big as the max number of MD children you'd like to
run.. (I'd prolly shoot for 50% over that even.)
That's fairly conservative. You're unlikely to get all your MD slaves
processing maximally-sized
Can anyone point me to a guide for creating SSL certificates and sharing
them between Sendmail and Thunderbird clients?
I'd like to test the various authentication info in filter_sender...
Thanks,
-Philip
Kenneth Porter wrote:
I just received a virus hoax (life is beautiful) forwarded from one
of my users, so I sent results of my google (including Snopes and
BreakTheChain) upstream to previous recipients.
Now I'm wondering why Clam (configured in MD) doesn't treat hoaxes,
like phish, as just
Hey Dave,
Are the Clam folks going to incorporate that patch you sent them?
I have waited to upgrade my Clam to .88 to see if they come out with
something like .88.1
Heard anything back?
John Jaeger - Billings, Montana
EMail To: mailto:[EMAIL PROTECTED]
Home Page :
- Original Message - Thanks Jan for your response.
I inserted this code in near the start, and in the global section, of my
mimedefang-filter, and got the error:
snip
Jan 18 22:27:48 hosta mimedefang-multiplexor[6491]: Slave 5 stderr:
Argument
at
John wrote:
Are the Clam folks going to incorporate that patch you sent them?
I posted on the clam-devel list. No word from the developers. They
didn't even confirm or deny that the regression was a problem. :-(
I have waited to upgrade my Clam to .88 to see if they come out with
something
Thanks...
Could you possibly post it again or send me a url where I might find it G
Thanks again...
At 07:08 PM 1/19/2006, you wrote:
John wrote:
Are the Clam folks going to incorporate that patch you sent them?
I posted on the clam-devel list. No word from the developers. They
didn't
On Thursday, January 19, 2006 9:19 PM -0700 John [EMAIL PROTECTED] wrote:
Could you possibly post it again or send me a url where I might find it
G
http://lists.roaringpenguin.com/pipermail/mimedefang/2006-January/029143.html
On Thu, 19 Jan 2006, Joseph Brennan wrote:
Content-Type: text/html;
name*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename*0=file:///C|/DOKUME%7E1/ANDRE/LOKALE%7E1/TEMP/nsmail-1.htm
In this particular
29 matches