Discussion:
[Mimedefang] DZIP Extension
Kevin A. McGrail
2016-12-12 17:38:06 UTC
Permalink
Seeing some fake invoice/in the wild garbage with .dzip extension
getting through today.

If you are doing some extension blocking, etc. might want to take a look.

Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailma
Dianne Skoll
2016-12-12 20:24:55 UTC
Permalink
On Mon, 12 Dec 2016 12:38:06 -0500
Post by Kevin A. McGrail
Seeing some fake invoice/in the wild garbage with .dzip extension
getting through today.
If you are doing some extension blocking, etc. might want to take a look.
Yes, we're seeing those too... they're doing something a bit shady
with the MIME headers:

--------84EAFC6DBD7EE2A3AD2D7D6BED
Content-Type: application/zip; name="Ord04690075.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Ord04690075.dzip"

Luckily, our code looks for all possible filenames, so it finds the .zip
and the .dzip version, does the zip processing and rejects because of the
embedded .js

Huh!

Regards,

Dianne.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimed

Loading...