Good morning Mark,
You were right, the parameter m.filter_content was set to False, I believe the default. I changed it to True and it worked as expected. Thanks again.
Mohsen
-----Original Message----- From: Stephen J. Turnbull <turnbull.stephen.fw@u.tsukuba.ac.jp> Sent: Friday, October 2, 2020 2:54 AM To: Mark Sapiro <mark@msapiro.net> Cc: mailman-users@mailman3.org Subject: [MM3-users] Re: How to prevent members to attach executables (exe, bat, ...) to the emails sent to list
[EXTERNAL EMAIL]
Mark Sapiro writes:
Filtering by extension only works on message parts that have an > associated file name. Thus, while you can add things like 'exe', 'bat', > 'cmd', 'com', 'pif', 'scr', 'vbs' and 'cpl' to filter_extensions, it > won't be completely effective.
A better approach is to use MIME types[1] and only allow those you want. For a discussion list, a reasonable set is what this list uses:
I wouldn't say "better" if you're concerned about the executables being malware. There's long history of concealing malware by giving it a MIME type different from what the extension implies, and there was at least one Windows exploit that used this technique to achieve automatic execution of malware simply by displaying the message.
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.mail...