-----Original Message-----
From: Vernon Schryver [mailto:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com]
Sent: 25 July 2001 03:15
[...snip...]
Is there a reasonable filter than can filter what Microsoft considers
active content? Don't some Microsoft MUA's ignore the MIME type and
look for what are called magic numbers in the UNIX world? If so, the
only reasonable way to filter Microsoft's active content is to filter
based on "X-Mailer: Internet Mail Service."
AFAIK windows MUAs generally decide what to do with an attachment based on
it's filename rather than on it's MIME type.
The full list (alledgedly) of potentially executable filenames is
surprisingly long, and is an interesting wander through windows history:
.ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta,
.inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd,
.pif, .reg, .scr, .sct, .shb, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh
[Source: Microsoft Outlook 2000 SR-1 Help 'Level 1 and Level 2 e-mail
security attachment file types']
At our site we filter on these file extensions before applying virus
filters. I doubt you would ever want to receive any of these files 'raw'
anyway, in the normal course of business.
Cheers,
Doug.