[Dshield] block unneeded file ext

Rick Leir rdshield at leirtech.com
Thu Aug 16 13:09:20 GMT 2007


> Outlook, Outlook Express) the advice is to disable the preview pane
> and that problem goes away.
> 
> My question is, does it? I seem to recall that there have been at
> least a couple of vulnerabilities in client-side parsing libraries
> that were exploitable even in the case that the preview pane was
> disabled, or in other words that disabling the preview pane was not an
> effective workaround for mitigating these vulnerabilities. I think
> they may have been exposures in VML, GDI, ANI or similar. In this
> case, the net effect is that without actual user interaction, the

Yes, I do recall such exploits.  Was it .xls or MS database attachments 
that were executed before the user was prompted for confirmation.  There 
were Microsoft patches but not everyone updates their machine.

> is to block unneeded file extensions at your SMTP gateway such as .exe,
> .scr, .vbs, and .dll. 

But Microsoft often looks into the file to determine type, ignoring the 
extension, so it might be named .jpg but get treated as some other file 
type.  You need something like
   http://qmail-scanner.sourceforge.net/
   http://www.clamav.net/
cheers -- Rick
LeirTech.com


More information about the list mailing list