[Esd-l] Stripping Attachments?

Paul Thomas paul at cuenet.com
Sun Jan 13 14:32:00 PST 2002

On Sun, 13 Jan 2002, John D. Hardin wrote:

> NB: .eml is hazardous, as it's typically base64 encoded and thus not
> (yet) subject to defanging or attachment rules. Also note that .rtf

What do you mean 'attachment rules', it's at least 'mangled'?

> doesn't necessarily mean what you think. There was a Word virus a
> while back that saved things in .DOC format files with .RTF filenames,
> thus permitting them to contain macro viruses even though .RTF is not
> macro-enabled. Word doesn't care, it'll happily open the file
> regardless of the filename.

How does the sanitizer handle .rtf other than mangling?



"Yesterday's the past and tomorrow's the future. Today is a gift - which
is why they call it the present."
-Bill Keane

More information about the esd-l mailing list