CLSID matching
Rick Cooper
rcooper at dwford.com
Thu Mar 2 17:02:13 GMT 2006
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of
> hermit921
> Sent: Thursday, March 02, 2006 11:47 AM
> To: MailScanner discussion
> Subject: Re: CLSID matching
>
>
> I was looking in the filenames file at the CLSID line. Doesn't this match
> any file name containing that 25 character string in {}, not just ending
> in that string?
>
> hermit921
>
>
> # Deny filenames ending with CLSID's
> deny \{[a-hA-H0-9-]{25,}\} Filename trying to hide its real type Files containing CLSID's are trying to hide their real type
>
>
Technically yes, but I cannot imagine someone naming a file with:
{ABCDEF012345679-ABCDEF01}
anywhere in the file name, but it should be deny \.\{[a-hA-H0-9-]{25,}\}$
for the vulnerability to work (IIRC)
Rick
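The two patterns discussed in this thread, compared over constructed attachment names. This is an added example, not part of the original messages or of MailScanner's code. The sample names and the helpers `denied_by` and `compare` are hypothetical, Python's `re` stands in for MailScanner's Perl regular expressions, and the rule is assumed to be applied as an unanchored search over the attachment name.

```python
import re

# The two patterns from the thread: the rule as shipped in the filenames
# file, and the anchored form suggested in the reply.
SHIPPED = re.compile(r"\{[a-hA-H0-9-]{25,}\}")
ANCHORED = re.compile(r"\.\{[a-hA-H0-9-]{25,}\}$")

# Constructed placeholder in CLSID layout (not a real class identifier).
CLSID = "{01234567-89AB-CDEF-0123-456789ABCDEF}"

# Constructed attachment names (not taken from real mail).
SAMPLES = [
    "invoice.txt." + CLSID,      # CLSID as the final extension
    "invoice" + CLSID + ".txt",  # CLSID in the middle of the name
    CLSID + ".doc",              # CLSID at the start of the name
    "invoice.txt" + CLSID,       # CLSID at the end, but no dot before it
    "notes.{abc-1234}",          # braces, but fewer than 25 characters
    "report.pdf",                # ordinary name
]


def denied_by(pattern, names):
    """Return the names the pattern would deny (search, not full match)."""
    return [n for n in names if pattern.search(n)]


def compare(names):
    """Map each name to (shipped_denies, anchored_denies)."""
    return {n: (bool(SHIPPED.search(n)), bool(ANCHORED.search(n)))
            for n in names}


if __name__ == "__main__":
    for name, (shipped, anchored) in compare(SAMPLES).items():
        print(f"{name:52} shipped={shipped!s:5} anchored={anchored}")
    # Note: "$" also matches just before one trailing newline, in Perl
    # as in Python, so a name ending in "}\n" still hits the anchored rule.
```
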