[imp] Binary attachments given mime type text/plain. why?

Ahmed ashihab at alcahest.com
Tue Nov 11 02:01:25 PST 2003


though I agree with most of your sentiments. the problem was with *all*
binary files recognition not just .exe. I picked up .exes as an example.

In any case we are a small private installation with highly paranoid
spamassassin and virus checker to filter out dangerous things.

If you read the original email you'll notice that the file I was sending was
.xex which is an .exe renamed to avoid it being destroyed by exchange at
the customer end. Zipping the file would not work as exchange will unzip
and delete the .exe inside so it is simpler to rename the file.

This exchange happens between trusted accounts, us and our customers and the
attachment is signed where the signature is sent separately, in any case
the attachment is over 3MB long.

I would hate to see horde adopt an irritating big-brother approach like
exchange were it would remove files silently becuase its outlook client is
full of security holes. My users are intelligent people backed up by
aggressive anti-virus and anti-spam tools who do not need nannying.

Ahmed...


Quoting Ron Cooper sent on Tue 11 Nov 2003 09:04:35 GMT

> Quoting Lord Apollyon <implist at paypc.com>:
>
>
> | viral payloads and other dangerous code.  There is no reason for naked
> | executable files to be exchanged via email, and if the person really
> | needs to send a program binary that way, it should be ZIPPED or
> | otherwisecompressed so that some evil email clients cannot covertly
> | open and execute the payload.
> |
> | I have all 23 or so Windows executable forms blocked by my email system
> | for  just this reason.  This is why after running mail sites for
> | thousands  of  Windows users for over 6 years, I've yet to be forced to
> | deal with a  single incident of trojan-horse/virus infection.
> |
>
> Here! Here!   I actually guage a new vendor's clue fullness based on how
> they distribute their files and patches.  I find it utterly amazing that
> people will entrust a binary file to be converted, transferred, converted
> back again without so much as a second thought to Trojans, viruses or
> even a simple checksum to verify it was received/assembled properly.
>
> On any given day our procmail filters will send to /dev/null no less than
> 40 or so hostile emails that have some kind of Trojan, usually an .exe or
> .vbs file.  I do think I would resign if policy changed such that I had
> to accept these type of files via email.   Allowing such files is utterly
> irresponsible in my view.  When you don't allow the source of the
> problems
> entry into your system, you never have a problem.


More information about the imp mailing list