[Esa-l] Double Extensions fails
Karl Dunn
Karl.Dunn at vmic.com
Mon Feb 12 11:22:16 PST 2001
I think you have to have jpg in the MANGLE_EXTENSIONS list before the
trapper can poison it. Same goes for vbs.
Karl Dunn (KLD13)
VMIC
12090 South Memorial Parkway
Huntsville AL USA 35803
VOICE: (256) 382-8211 or (800) 322-3616
FAX: (256) 650-5472 or (256) 882-0859
On Mon, 12 Feb 2001, Phil Pennock wrote:
> On 2001-02-12 at 11:07 -0800, Dan Kubilos wrote:
> > If I send an attachment to to myself named
> >
> > test.vbs.jpg
> >
> > The email is delivered.
>
> Uhm, the problem is when files are called things like:
>
> test.jpg<lots-of-white-space>.vbs
>
> isn't it? That is, the final extension is used, but it might not be
> obvious that the extension which you're seeing isn't the final one.
>
> Does it also deliver if you called the attachment test.jpg.vbs?
>
> Or am I missing something? (Probably my brain)
> --
> Phil Pennock <pdp at nl.demon.net> <Phil.Pennock at thus.net>
> Demon Internet Nederland -- Network Operations Centre -- Systems Administrator
> Libertes philosophica.
> NL Sales: +31 20 422 20 00 NL Support: 0800 33 6666 8
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l
>
More information about the esd-l
mailing list