[Esa-l]IMPSEC works - or does it.

Howard Lowndes lannet at lannet.com.au
Thu May 17 15:52:55 PDT 2001

I had an interesting situation with a client's email yesterday.

The client is using W95/IE5.5 and is reading email from their corporate
mail server with IMP, a browser based email client from Horde
<www.horde.org> using the IMAP protocol.  IMP uses php, 3 or 4.

They had an email with an attached Excel spreadsheet.  The attachment
showed up with the file name DEFANGED so impsec has done its work
correctly.  However, when the client clicked on  the attachment icon the
spreadsheet was presented in the IMP main frame.

I assume that php used file magic to determine what the file type was and
was able to display the spreadsheet because it clearly did not use the
file name extension and the MIME type was application/octet-stream.

What concerns me is whether any macros would have been executable had they
been embedded.

LANNet Computing Associates <http://lannetlinux.com>
   "...well, it worked before _you_ touched it!"

More information about the esd-l mailing list