Re: MIME type of readme.eml (was Re: Web site infected by Nimda

["Nick FitzGerald" <nick () virus-l demon co uk>]

Rob Quinn <rquinn () sec sprint net> wrote:

> > Interestingly, the content type from www.wininternals.com (aka 207.30.43.69,
> > aka underconstruction.infoback.net) is application/octet-stream.  The content
> > type on www.digimind.fr is correct at "message/rfc822."
>
>  Anyone have a breakdown on the MIME types they are seeing _IN HTTP_?

Nope -- not been looking...

>  It's been too long since I installed a web server - am I remembering correctly
> that the MIME type is set by a web server config file, and not the HTTP in the
> web page itself?

However, I can answer this.

The web server sets the type that is reported in the HTTP transfer 
conversation.  That is, the "Content-Type: text/html" or whatever is 
done by the server.  I wouldn't count on IE to "respect" that though 
-- for example, it is well-known that IE will scan the first few 
hundred bytes of GIFs and JPGs for HTML tags despite the files being 
specified by the server with the correct image types.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com