Suggested addition to default filename and filetype rules

Remco Barendse mailscanner at BARENDSE.TO
Thu Sep 9 13:01:07 IST 2004


<x-flowed>
Some time ago a friend of mine sent me some .wma files that contained
scripts. The wma file started IE and opened some website.

I guess that would qualify it as dangerous :)

On Thu, 9 Sep 2004, Julian Field wrote:

> At 08:18 09/09/2004, you wrote:
>> On Thu, 9 Sep 2004, James Gray wrote:
>>
>>> Maybe it's just our site, but was there a reason Windows Media files were left
>>> out when Quicktime/MPEG/etc were included for denial?
>>>
>>> For the archives, here's what we have in our (modified) rules:
>>>
>>> <<< filename.rules.conf >>>
>>> # Deny Windows Media etc
>>> deny  \.wm[adsvz]   Windows Media Format    We don't allow Windows Media Files
>>> deny  \.w[av]x      Windows Media Format    No Windows media metafile links
>>> deny  \.as[fx]      Windows Media Format    We don't allow Windows Media Files
>>>
>>> <<< filetype.rules.conf >>>
>>> deny  ASF           No Windows Media        No Windows Media files allowed
>
> I have added the filetype.rules.conf one, but not the filename.rules.conf
> ones. I don't want my standard ruleset to be too restrictive. Only a very
> small percentage of you ever edit the files at all, and I don't want to
> annoy everybody more than I have to.
> Do we really need to ban all media files at all? Banning the movies is
> probably good as they tend to be huge and illegal/worthless. But all the
> audio files as well?
>
> Also, does anyone know of any attacks done involving media metafile links?
> Hopefully these are small and harmless.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>

</x-flowed>
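
Added example, not part of the original thread or of MailScanner's own code: a Python check that runs the filename rules quoted above against constructed attachment names, as posted and with a `$` anchor appended, to show which names each form denies. It assumes tab-separated fields, case-insensitive matching and first-match-wins evaluation; `parse_rules`, `check` and `anchored` are hypothetical helper names.

```python
import re

# Rules quoted in the thread, written with tab-separated fields (constructed sample).
RULES_TEXT = (
    "# Deny Windows Media etc\n"
    "deny\t\\.wm[adsvz]\tWindows Media Format\tWe don't allow Windows Media Files\n"
    "deny\t\\.w[av]x\tWindows Media Format\tNo Windows media metafile links\n"
    "deny\t\\.as[fx]\tWindows Media Format\tWe don't allow Windows Media Files\n"
)

def parse_rules(text):
    """Return (action, compiled_regex, log_text, user_text) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"\t+", line)
        if len(fields) != 4:
            raise ValueError(f"expected 4 tab-separated fields: {line!r}")
        action, pattern, log_text, user_text = fields
        # Assumption: patterns are applied case-insensitively.
        rules.append((action.lower(), re.compile(pattern, re.I), log_text, user_text))
    return rules

def check(filename, rules):
    """Assumption: the first matching rule wins; no match means allow."""
    for action, regex, _log, user_text in rules:
        if regex.search(filename):
            return action, user_text
    return "allow", ""

def anchored(rules):
    """Same rules with '$' appended so only the final extension can match."""
    return [(a, re.compile(r.pattern + "$", re.I), l, u) for a, r, l, u in rules]

RULES = parse_rules(RULES_TEXT)
# Constructed attachment names.
SAMPLES = ["track01.wma", "PLAYLIST.WAX", "clip.asf", "notes.asx.txt", "report.pdf"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:15} as posted: {check(name, RULES)[0]:5} "
              f"anchored: {check(name, anchored(RULES))[0]}")
```
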
