Release 4.63.2 beta

Glenn Steen glenn.steen at gmail.com
Thu Aug 16 10:02:23 IST 2007


On 15/08/07, Mark Nienberg <gmane at tippingmar.com> wrote:
> Julian Field wrote:
>
> > 2 Added *.fdf to the list of dangerous filenames. Opening a .fdf file can
> >   cause the loading of any file on the internet into Adobe Acrobat.
>
> There are perfectly legitimate reasons to send email messages with fdf files
> attached.  If you use the "browser-based review" feature of Acrobat that allows
> multiple users to review and comment on a pdf file, then the automatically generated
> email invitations will have an fdf file attached.  The user clicks on the fdf file to
> open the document in Acrobat. The document is usually on a webdav server.  Each
> user's comments are then sent to and saved on the webdav server by the Acrobat program.
>
> Blocking fdf files will effectively disable one of the key features of Acrobat.
>
> Mark
>
Of course.
It would be pointless for the spammers to try exploit it otherwise...
This ensures that people will want it flowing through.... So, as with
anything, not well thought through features are exploitable.
Since you
a) Know this
b) is capable of turningit off
... this should be no problem at all, provided this is indeed
something your userbase/systems/policy "demand".

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list