WMF Exploit
Spicer, Kevin
KevinS at BMRB.CO.UK
Thu Dec 29 22:09:20 GMT 2005
My file command didn't detect wmf files, so for anyone else in that boat
here's how to add it (assuming the magic file is /usr/share/magic).

Add this line to /usr/share/magic:

0	lelong	0x9ac6cdd7	Windows Metafile Image data

Run this command:

file -C -m /usr/share/magic

Add this to /etc/MailScanner/filetype.rules.conf (tab separated):

deny	Windows Metafile	No Windows Metafiles	No Windows Metafiles allowed

/etc/init.d/MailScanner reload
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Rodney Green
Sent: 29 December 2005 16:10
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: WMF Exploit
Randal, Phil wrote:
> I've added
>
> deny	metafont	No Windows metafont files	No Windows Metafont Files allowed
>
> (tab delimited) to my filetype.rules.conf (having checked in
> /usr/share/file/magic)
>
> Cheers,
>
> Phil
Thanks Phil. I found a .wmf file on my system and ran "file" on it and
it gave me the correct type. I've added your deny statement to
filetype.rules.conf.
Rod
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
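An added example, not part of the original posts: the magic line above matches only files that begin with the placeable header 0x9ac6cdd7, so this sketch goes slightly further and also recognises a bare metafile header (Type 1 or 2 followed by HeaderSize 9), checking content rather than file extension. The helper names wmf_kind and make_samples are hypothetical, and the sample files are constructed header bytes, not real images.

```shell
#!/bin/sh
# Classify a file by its leading bytes, independent of its name.
# Prints: placeable | standard | none

wmf_kind() {
    # First 6 bytes as lowercase hex with no separators, e.g. "d7cdc69a0000".
    # An unreadable or missing file yields an empty string and falls to "none".
    hdr=$(od -An -tx1 -N6 2>/dev/null < "$1" | tr -d ' \n')
    case "$hdr" in
        # 0x9ac6cdd7 stored little-endian: the placeable header,
        # the same test as "0 lelong 0x9ac6cdd7" in the magic file.
        d7cdc69a*) echo placeable ;;
        # Bare metafile header: Type 0x0001 (memory) or 0x0002 (disk),
        # then HeaderSize 0x0009 (in 16-bit words). No placeable magic.
        01000900*|02000900*) echo standard ;;
        *) echo none ;;
    esac
}

# Constructed samples: six header bytes each, enough for the check only.
make_samples() {
    # Placeable magic under a misleading extension
    printf '\327\315\306\232\000\000' > "$1/placeable.jpg"
    # Bare header (Type 1, HeaderSize 9, version 0x0300)
    printf '\001\000\011\000\000\003' > "$1/bare.wmf"
    # JPEG start-of-image marker, for contrast
    printf '\377\330\377\340\000\020' > "$1/real.jpg"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*; do
    printf '%s\t%s\n' "${f##*/}" "$(wmf_kind "$f")"
done
rm -rf "$tmp"
```

A file reported as "standard" here would not be matched by the single lelong entry, so it is worth running file on a sample of each kind after recompiling the magic file to confirm which description string the deny rule needs to match.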