Is MS vulnerable to this Unicode trick?
Beauchemin, Denis
Denis.Beauchemin at usherbrooke.ca
Fri May 13 14:45:05 IST 2011
I just read something that makes me wonder if MS can detect those Unicode names as executables?
http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole
We’ve been blocking EXE, BAT and many other executables for a long time with MS, just based on the file name. I didn’t want to use the file command because we encouraged people to rename offending attachments before sending them.
Should I start using the file command just to be on the safe side?
Thanks!
Denis
Denis Beauchemin
Architecte Technologique - Section Infrastructure des serveurs
Service des technologies de l’information (S.T.I.)
Université de Sherbrooke
More information about the MailScanner
mailing list