Bugtraq mailing list archives
Re: MIME::Tools Perl module and virus scanners
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Tue, 4 Jun 2002 14:16:11 -0400 (EDT)
Bennett Todd wrote:
Do MIME::Tools and/or MIMEDefang know about the punctuation marks that some Windows MUAs silently ignore in filename extensions?
MIMEDefang itself doesn't "know" anything, but the sample filter which comes with it will correctly (?!) reject ".exe." as well as ".exe". I've appended the Perl code. The rules are convoluted, but I think they catch most things. Tuning the Perl rules to catch probable viruses while leaving legitimate attachments alone took a fair bit of time.
How about charset canonicalization, non-default (incorrect but commonly accepted) UTF-8 encodings?
I'm not sure about this; I'd have to check the MIME::Tools source. MIMEDefang itself tries to decode encoded words into a default charset if none is supplied, but it might not do the same thing as an MUA. Canonicalizing the MIME before handing it to the MUA is the best bet.

--
David.

--- Sample filter snippet ---

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename {
    my($entity) = @_;
    my($bad_exts, $re);

    # Bad extensions
    $bad_exts = '(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|reg|scr|sct|shb|shs|sys|url|vb|vbe|vbs|vxd|wsc|wsf|wsh)';

    # Do not allow:
    # - curlies
    # - bad extensions (possibly with trailing dots) at end or
    #   followed by non-alphanum
    $re = '(\{)|(\})|(\.' . $bad_exts . ')\.*([^-A-Za-z0-9_.]|$)';
    return re_match($entity, $re);
}
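
Added example (not part of the original post or of MIMEDefang): the pattern from the sample filter above, applied to constructed attachment names to show which cases it flags and which it lets through. The helper is_bad_filename is hypothetical; it tests a bare string instead of a MIME entity and assumes case-insensitive matching.

```perl
#!/usr/bin/perl
# Added example: exercises the filename pattern from the sample filter
# against constructed attachment names. Not MIMEDefang's own code.
use strict;
use warnings;

# Extension list and pattern copied from the sample filter snippet.
my $bad_exts = '(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|reg|scr|sct|shb|shs|sys|url|vb|vbe|vbs|vxd|wsc|wsf|wsh)';
my $re = '(\{)|(\})|(\.' . $bad_exts . ')\.*([^-A-Za-z0-9_.]|$)';

# Assumption for this example: the pattern is applied case-insensitively.
my $bad_name = qr/$re/i;

# Hypothetical helper: checks a bare filename string, not a MIME entity.
sub is_bad_filename {
    my ($name) = @_;
    return $name =~ $bad_name ? 1 : 0;
}

# Constructed sample names: [filename, expected verdict, why]
my @samples = (
    ['report.pdf',       0, 'extension not on the list'],
    ['setup.exe',        1, 'bad extension at end of name'],
    ['setup.exe.',       1, 'bad extension with one trailing dot'],
    ['SETUP.EXE...',     1, 'upper case, several trailing dots'],
    ['invoice.pdf.scr',  1, 'double extension, last one is bad'],
    ['run.bat (copy)',   1, 'bad extension followed by a space'],
    ['notes.{00000000-0000-0000-0000-000000000000}',
                         1, 'curly braces anywhere in the name'],
    ['setup.exe.txt',    0, 'bad extension is not the final one'],
    ['data.json',        0, '".js" followed by alphanumerics'],
    ['my.company.doc',   0, '".com" followed by alphanumerics'],
);

my $mismatches = 0;
for my $s (@samples) {
    my ($name, $expected, $why) = @$s;
    my $got = is_bad_filename($name);
    $mismatches++ if $got != $expected;
    printf "%-6s %-46s %s\n", ($got ? 'REJECT' : 'accept'), $name, $why;
}

# A non-zero exit status signals that a verdict differed from the table.
exit($mismatches ? 1 : 0);
```

A table like this is a convenient regression check when tuning the extension list, since both the rejected names and the legitimate ones that must keep passing are pinned down.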