[Esd-l] (not) mangling ".bat" files
trebula at ui42.com
Thu Jul 11 02:00:01 PDT 2002
a client has just notified me that he received a message containing attachment
with name ".bat" - that is empty filename plus extension that normally should
be mangled (and the message rejected).
I have verified that all messages named ".exe", ".bat" and so on bypass the
sanitizer without being defanged or marked as poisoned. Tested on the newest
I tried to temporarily solve the problem first by adding lines
to poisoned-files with no effect, also tried to add lines
without effect too.
I think this is a serious issue because windows handle such files like all
other executable files.
Bc. Robert TREBULA
ui42 spol. s r.o.
Hrdlickova 16, 831 01 Bratislava, Slovakia
tel.: (+421) 2 5479 3646
mailto:trebula at ui42.sk
More information about the esd-l