lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Bojan.Zdrnja at (Bojan Zdrnja)


> -----Original Message-----
> From: 
> [] On Behalf Of 
> Brown, Nicholas
> Sent: Friday, 21 November 2003 3:48 a.m.
> To:
> Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Bojan Zdrnja Wrote:
> ...
> >That is why you should implement content blocking at your e-mail server.
> >There is absolutely no reason to allow .scr files to go around. If you
> >this blocked, it would stop MiMail-I without AV updates.
> >Also, note that this attachment has double extension, which should also
> >automatically blocked.
> ...
> It should be pointed out that blocking files with multiple extensions is
> not good idea, as this would interfere with lots of legitimate,
> non-executeable file types, such as .tar.gz.

Agreed (although - most users will send Windows attachments ;-).

Anyway, for that purpose, a regular expression like:


Will do it. Amavisd-new has a nice default example for this.


Bojan Zdrnja

Powered by blists - more mailing lists