Outlook/OWA 2003 - file types blocked

Rick Cooper rcooper at DIMENSION-FLM.COM
Sun Jan 25 15:56:58 GMT 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
> Sent: Sunday, January 25, 2004 9:33 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Outlook/OWA 2003 - file types blocked
>
>
> Would people like me to add all of these to my supplied
> filename.rules.conf? I don't really agree with all of them.
> For example, running a .inf file just shows it to you, it
> doesn't "run" it.
>
> And why is a .crt dangerous?

The danger comes with the message content in some cases. The
message may tell the user to extract a particular .inf and right
click select install and....  There is actually an exploit using
an .inf file, properly placed, that would allow anyone
administrative access to a win200 box; there are several exploits
having to do with proper placement of autorun.inf files, or .inf
files with the autorun tag.

.crt files can take a given host out of the internet zone and
into the trusted zone which, depending upon the certificate and
local settings, can allow many bad things to happen.

.crt files are assessed as medium risk and .inf files are
assessed as high risk with known dangerous exploits.

I generally believe that if Microsoft says don't trust their OS
with a particular file type I should take their word for it.
Think about a compiled help file, now what kind of idiot would
create code that could render a help potentially *very*
dangerous?? (MS of course)

Rick

>
> At 13:55 25/01/2004, you wrote:
> >The following is a full list of Level 1 file types blocked by Outlook
> >2003 and OWA 2003. You may wish to use this to supplement (or annotate)
> >the list Julian provides in the "filename.rules.conf" file.
> >
> >Level 1 file types blocked by Outlook 2003
> >
> >File extension File type
> >.ade Microsoft Access project extension
> >.adp Microsoft Access project
> >.app Microsoft FoxPro-generated application
> >.bas Microsoft Visual Basic(r) class module
> >.bat Batch file
> >.chm Compiled HTML Help file
> >.cmd Microsoft Windows NT(r) command script
> >.com Microsoft MS-DOS(r) program
> >.cpl Control Panel extension
> >.crt Security certificate
> >.csh Unix shell script
> >.exe Executable file or program
> >.fxp Microsoft FoxPro(r) file
> >.hlp Help file
> >.hta HTML program
> >.inf Setup information
> >.ins Internet naming service
> >.isp Internet communication settings
> >.js Jscript(r) file
> >.jse Jscript-encoded script file
> >.ksh Unix shell script
> >.lnk Shortcut
> >.mda Microsoft Access add-in program
> >.mdb Microsoft Access program
> >.mde Microsoft Access MDE database
> >.mdt Microsoft Access file
> >.mdw Microsoft Access file
> >.mdz Microsoft Access wizard program
> >.msc Microsoft Common Console document
> >.msi Windows Installer package
> >.msp Windows Installer patch
> >.mst Visual Test source files
> >.ops FoxPro file
> >.pcd Photo CD image or Microsoft Visual Test compiled script
> >.pif Shortcut to MS-DOS program
> >.prf Microsoft Outlook Profile Settings
> >.prg FoxPro program source file
> >.reg Registration entries
> >.scf Windows Explorer Command file
> >.scr Screen saver
> >.sct Windows(r) script component
> >.shb Shortcut into a document
> >.shs Shell scrap object
> >.url Internet shortcut
> >.vb VBScript file
> >.vbe VBScript-encoded script file
> >.vbs VBScript file
> >.wsc Windows script component
> >.wsf Windows script file
> >.wsh Windows script host settings file
> >.xsl XML file that can contain script
> >
> >The above list was taken from Microsoft web pages by one of our Exchange
> >specialists.
> >
> >Quentin
> >---
> >PHONE: +44 191 222 8209    Information Systems and Services (ISS),
> >                            University of Newcastle,
> >                            Newcastle upon Tyne,
> >FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
> >------------------------------------------------------------------------
> >"Any opinion expressed above is mine. The University can get its own."
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
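
The following is an added example, not part of the original thread and not MailScanner's own code: a Python check of attachment names against the Level 1 list quoted above, plus a helper that emits one deny line per extension. The four tab-separated fields (action, regex, log text, user text) are an assumed layout for filename.rules.conf, and the sample filenames are constructed.

```python
import re

# Level 1 extensions from the Outlook 2003 / OWA 2003 list quoted in this thread.
LEVEL1 = frozenset("""
ade adp app bas bat chm cmd com cpl crt csh exe fxp hlp hta inf ins isp js jse
ksh lnk mda mdb mde mdt mdw mdz msc msi msp mst ops pcd pif prf prg reg scf scr
sct shb shs url vb vbe vbs wsc wsf wsh xsl
""".split())


def final_extension(filename):
    """Return the lower-cased last extension, or '' when there is none.

    Windows drops trailing dots and spaces when saving a file, so a name such
    as 'cert.crt. ' ends up as 'cert.crt'; strip them before matching.
    """
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]  # drop any path part
    name = name.rstrip(". \t")
    _stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def is_level1(filename):
    """True when the effective extension is on the Level 1 list."""
    return final_extension(filename) in LEVEL1


def deny_rule(ext, description):
    """Build one deny line: action, regex, log text, user text (assumed layout)."""
    pattern = r"\.%s$" % re.escape(ext)
    return "\t".join(("deny", pattern, description, description))


def triage(filenames):
    """Return the names that would be blocked, preserving input order."""
    return [name for name in filenames if is_level1(name)]


# Constructed sample attachment names, not taken from real mail.
SAMPLES = ["Quarterly Report.pdf", "update.INF", "photo.jpg.scr",
           "cert.crt. ", "notes.txt", "README", "archive.tar.gz"]

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print("blocked:", repr(name))
    print(deny_rule("inf", "Setup information"))
```
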


