[Esd-l] Additional extensions

Pierre Etchemaite petchema at concept-micro.com
Mon Jun 7 04:15:40 PDT 2004


	Hi all,

I received a bounce from a big company MTA because some virus seems to have
used one of my emails as forged source. So far nothing exciting.
But the MTA filtering gave its list of banned extensions, so I thought it
could be interesting to check if they're all filtered by the default
$MANGLE_EXTENSIONS list, and if some could be worth adding...

Here's the result:

.bas - used by several interpreters that claim to be of the Basic family.
Are those interpreters common nowadays?
.inf - several things, some that look worth filtering; check
http://www.filext.com/detaillist.php?extdetail=inf
.ins - among other things, Internet connection information. Could be used by
dialers I suppose, and worth filtering
.isp - same as .ins?
.mhtml - "Microsoft archived web page", whatever that means. But certainly
at least as "dangerous" as .html on platforms that support it, and I bet
harder to mangle
.mht - see above
.msc - "Microsoft management console snap-in control file". Worth filtering
I'd say
.mst - ?
.opt - "Office Profile Settings file", whatever that means
.pi - See comment about it being sometimes an alias for .pif, and link with
Sobig http://www.filext.com/detaillist.php?extdetail=pi
.prf - ?
.scf - "Windows Explorer Command", name itself looks scary ;)
.url - Internet location file, not sure what the security concerns of
sharing such files are (phishing?)
.vb* - $MANGLE_EXTENSIONS only filters .vb, .vbe, .vbs, but .vbd or .vbn may
be dangerous too, it's hard to tell
.xml - Extensible markup language file, not sure what the security concerns
of sharing such files are
.zi - maybe "trimmed" version of .zip extension, like in .pif -> .pi case?

Hope it helps,
Pierre.
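
The coverage check described in the message above, as an added example that is not part of the original post: it tests each listed extension against a `$MANGLE_EXTENSIONS`-style alternation and flags names that look like one-character truncations of a covered extension (the `.pif` -> `.pi` case). The pattern value is a constructed stand-in, not the sanitizer's actual default, the function names are hypothetical, and Python's `re` is assumed to behave like procmail's regex for simple alternations and character classes.

```python
import re
import string

# Constructed stand-in for a $MANGLE_EXTENSIONS-style alternation. It is NOT
# the sanitizer's real default; the post only states that .vb/.vbe/.vbs match.
SAMPLE_MANGLE_EXTENSIONS = r"html?|exe|pif|zip|vb[se]?"

# Extensions from the post, with ".vb*" expanded to the names it mentions.
CANDIDATES = ["bas", "inf", "ins", "isp", "mhtml", "mht", "msc", "mst", "opt",
              "pi", "prf", "scf", "url", "vb", "vbe", "vbs", "vbd", "vbn",
              "xml", "zi"]

def _compile(pattern):
    # Non-capturing group keeps the whole alternation a single unit.
    return re.compile(r"(?:%s)" % pattern, re.IGNORECASE)

def _norm(ext):
    # Accept ".VBS", "vbs " and similar spellings of the same extension.
    return ext.strip().lstrip(".").lower()

def uncovered(pattern, extensions):
    """Return the extensions (normalised) that the pattern does not match."""
    rx = _compile(pattern)
    return [e for e in map(_norm, extensions) if not rx.fullmatch(e)]

def truncated_from(pattern, ext):
    """Covered extensions that `ext` is a one-character truncation of."""
    rx = _compile(pattern)
    stem = _norm(ext)
    return [stem + c for c in string.ascii_lowercase + string.digits
            if rx.fullmatch(stem + c)]

if __name__ == "__main__":
    for ext in uncovered(SAMPLE_MANGLE_EXTENSIONS, CANDIDATES):
        near = truncated_from(SAMPLE_MANGLE_EXTENSIONS, ext)
        note = " (truncation of ." + ", .".join(near) + ")" if near else ""
        print("." + ext + " not covered" + note)
```

Replacing `SAMPLE_MANGLE_EXTENSIONS` with the value from a real sanitizer configuration gives the list of extensions that would still pass unmangled.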

