.wmf vulnerability

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Thu Dec 29 17:37:25 GMT 2005

Ken A wrote:

> Thanks Wess, I do understand that, but what I'm wondering about is the
> strings returned by the file command are based on
> /usr/share/file/magic, which reports things like perl and shell
> scripts as executable - so they are blocked in the default
> filetype.rules.conf. I don't want to treat them the same as a windows
> metafile hiding as some innocent .txt file. 
> Does anyone has a real world filetype.rules.conf file that is a bit
> more permissive than the default, but still catches the windows junk.

In my (default) filetype.rules.conf the first four lines are:

allow   text            -                       -
allow   script          -                       -
allow   archive         -                       -
allow   postscript      -                       -

The second should allow perl and shell scripts through.  I just sent
myself a bash script, and a .pl file and they came through just fine.


Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list