|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: 'pif' file didn't get blocked today.
Victor.Duchovni
morganstanley.com
Date: Tue May 20 2003 - 11:21:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 20 May 2003, David Landgren wrote:
> Mark Knecht wrote:
> > Hi,
> > I have not seen this happen in a long, long time. I thought I had my body
> > check file set up to reject attachments with the 'pif' type. Below is the
> > first line in that file. Today I had an attachment show up that came down to
> > Outlook blocking it for me since it was a pif file.
> >
> > Can anyone see something wrong in this set of criteria?
> > Thanks,
> > Mark
> >
> >
> > /^(Content-Disposition: attachment;.*|
> > Content-Type:.*|(\t| )+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|ex
> > e|bat|cmd|vxd|scr
> > |shm|dll)"?$/ REJECT
>
> trailing spaces after the .pif"? would let it through.
>
LookOut! ignores the value of Content-Disposition so both "attachment" and
"inline" are treated identically. There may be additional whitespace (and
even RFC822 comments are honoured by MUAs despite the standard) between
Content-Disposition and the word "attachment" and similarly before ";".
Finally Postfix 2.0 uses mime_header_checks not body_checks for matching
such headers unless mime processing is disabled.
--
Viktor.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]