[Mailman-Users] Content Filtering Scrubs PDF Attachment
Mark Sapiro
msapiro at value.net
Fri Jul 20 21:09:09 CEST 2007
Fitzpatrick, Ted wrote:
>Thanks, Mark. The MUA is including "application/octet-stream" as the
>mime type. I didn't include this as passable because I wanted to strip
>".exe" files from messages. It looks like if I want to enable
>subscribers to attach PDF files, it will at the same time enable them to
>attach EXE files. From the security perspective, do most Mailman admins
>let EXE files pass?

You'll want to test all this to be sure, but there's already a default
list of extensions in filter_filename_extensions which is 'exe',
'bat', 'cmd', 'com', 'pif', 'scr', 'vbs', 'cpl' which should block any
'named' attachments with those extensions.

However, if you add 'application/octet-stream' to pass_mime_types and
put 'pdf' and 'png' in pass_filename_extensions you should wind up
accepting named with extension attachments with only .png and .pdf
extensions. You will also accept an application/octet-stream
attachment without an extension, but this may not be particularly
risky, at least to those users with systems that identify a file type
by extension.

So no, it is not a good idea to allow .exe attachments on your list,
but you can allow some application/octet-stream files and still not
allow .exe files.

--
Mark Sapiro <msapiro at value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
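
An added example (not part of the original post and not Mailman's own code): a simplified Python model of the settings described in the reply above, run over a constructed message whose attachments all arrive as application/octet-stream. The three setting names come from the post; the function names, the sample message, the order of the checks and the case-insensitive extension comparison are assumptions of this example.

```python
# Simplified model of the per-attachment decision described in the reply.
# Not Mailman's code: only the three setting names come from the post.
import os
from email.message import EmailMessage

FILTER_FILENAME_EXTENSIONS = {"exe", "bat", "cmd", "com", "pif", "scr", "vbs", "cpl"}
PASS_MIME_TYPES = {"text/plain", "application/octet-stream"}
PASS_FILENAME_EXTENSIONS = {"pdf", "png"}


def part_verdict(part):
    """Return (kept, reason) for one leaf MIME part."""
    # An entry may be a full type ("text/plain") or a bare main type ("text").
    if (part.get_content_type() not in PASS_MIME_TYPES
            and part.get_content_maintype() not in PASS_MIME_TYPES):
        return False, "type not in pass_mime_types"
    filename = part.get_filename()
    # Assumption of this model: extensions are compared case-insensitively.
    ext = os.path.splitext(filename)[1].lstrip(".").lower() if filename else ""
    if not ext:
        # The case the reply calls out: nothing to match, so the part passes.
        return True, "no filename extension to test"
    if ext in FILTER_FILENAME_EXTENSIONS:
        return False, "extension in filter_filename_extensions"
    if ext not in PASS_FILENAME_EXTENSIONS:
        return False, "extension not in pass_filename_extensions"
    return True, "type and extension both allowed"


def build_sample():
    """Constructed message: every attachment is sent as application/octet-stream."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name in ("report.pdf", "setup.exe", "notes.doc", None):
        msg.add_attachment(b"\x00constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


def evaluate(msg):
    """Map each leaf part (filename, or content type if unnamed) to kept/dropped."""
    return {(p.get_filename() or p.get_content_type()): part_verdict(p)[0]
            for p in msg.walk() if not p.is_multipart()}


if __name__ == "__main__":
    for label, kept in evaluate(build_sample()).items():
        print(f"{label:28} {'kept' if kept else 'removed'}")
```

Running the same sample messages through a test list, as the reply advises, confirms whether the installed Mailman version behaves the way this model does.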