[imp] Binary attachments given mime type text/plain. why?

Lord Apollyon implist at paypc.com
Mon Nov 10 14:45:53 PST 2003


> I've tried several files include some windows .exe's. I'm happy with the
> solution using the Horde mime type determination but I don't like things
> that stop working suddenly.

Ahmed, I realise you're asking for help on something else... but may I
***STRONGLY*** advise that you not allow .EXE files through your email
system?  Many dangerous email clients which "pre-fetch/pre-open" emails
silently and without user control open and execute such things to install
viral payloads and other dangerous code.  There is no reason for naked
executable files to be exchanged via email, and if the person really needs
to send a program binary that way, it should be ZIPPED or otherwise
compressed so that some evil email clients cannot covertly open and execute
the payload.

I have all 23 or so Windows executable forms blocked by my email system for
just this reason.  This is why after running mail sites for thousands of
Windows users for over 6 years, I've yet to be forced to deal with a single
incident of trojan-horse/virus infection.

If you're using Spam-Assassin, you can assign a very high score to Microsoft
executables (20.0 or higher) to accomplish the same thing.  Make sure you
scan at least up to around 250KB.  Just about all of the viral payloads are
under 200KB.

Cheers,

=R=


More information about the imp mailing list