deny cabinet files?
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Jul 8 14:21:01 IST 2005
Good point, it's a format that I expect many virus scanners miss. And
Windows users have in-built support for opening them too, IIRC.
I'll add that rule to the default set of rules I supply.
On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote:
> Julian,
>
> I got a suspicious email today with a .cab file attachment.
> I've submitted the file to clam, but this inspired me to
> add the following rule to filename.rules.conf:
>
> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet
> files may hide viruses
>
> \t for real tabs here. I googled and checked Microsoft's
> website and see no positive use for an emailed .cab file.
> Anybody else seen this?
>
> Jeff Earickson
> Colby College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list