deny cabinet files?

[Julian Field]

Good point, it's a format that I expect many virus scanners miss. And  
Windows users have in-built support for opening them too, IIRC.

I'll add that rule to the default set of rules I supply.

On 8 Jul 2005, at 13:53, Jeff A. Earickson wrote:

> Julian,
>
> I got a suspicious email today with a .cab file attachment.
> I've submitted the file to clam, but this inspired me to
> add the following rule to filename.rules.conf:
>
> deny\t\.cab$\tPossible malicious cabinet file\tCompressed cabinet  
> files may hide viruses
>
> \t for real tabs here.  I googled and checked Microsoft's
> website and see no positive use for an emailed .cab file.
> Anybody else seen this?
>
> Jeff Earickson
> Colby College
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!