2 Oct 2020, 6:53 a.m.
Mark Sapiro writes:
Filtering by extension only works on message parts that have an associated file name. Thus, while you can add things like 'exe', 'bat', 'cmd', 'com', 'pif', 'scr', 'vbs' and 'cpl' to filter_extensions, it won't be completely effective.
A better approach is to use MIME types[1] and only allow those you want. For a discussion list, a reasonable set is what this list uses:
I wouldn't say "better" if you're concerned about the executables being malware. There's a long history of concealing malware by giving it a MIME type different from what the extension implies, and there was at least one Windows exploit that used this technique to achieve automatic execution of malware simply by displaying the message.
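As an added illustration of the mismatch the reply above describes (this is example code, not Mailman's content filter and not either poster's), the Python below parses a message and reports attachments whose file extension, declared Content-Type and leading bytes disagree. The sample message, the extension list and the magic-byte table are constructed assumptions for the demonstration.

```python
import email
import mimetypes
from email import policy
from email.message import EmailMessage

# Extensions named in the thread as candidates for filter_extensions (assumption).
RISKY_EXTENSIONS = {"exe", "bat", "cmd", "com", "pif", "scr", "vbs", "cpl"}

# Leading-byte signatures of executable content, independent of any header (assumption).
MAGIC = {
    b"MZ": "application/x-msdownload",       # Windows PE / DOS executable
    b"\x7fELF": "application/x-executable",  # ELF binary
}

def sniff(payload: bytes):
    """Return the MIME type implied by the payload's magic bytes, or None."""
    for sig, mime in MAGIC.items():
        if payload.startswith(sig):
            return mime
    return None

def audit_message(raw: bytes):
    """Return (filename, declared_type, reason) for every suspicious part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()          # what the sender claims
        name = part.get_filename()                  # None for parts without a file name
        payload = part.get_payload(decode=True) or b""
        ext = name.rsplit(".", 1)[-1].lower() if name and "." in name else ""
        if ext in RISKY_EXTENSIONS:                 # the filter_extensions check
            findings.append((name, declared, "blocked extension"))
        guessed = mimetypes.guess_type(name)[0] if name else None
        if guessed and guessed != declared:         # extension and header disagree
            findings.append((name, declared, f"extension implies {guessed}"))
        sniffed = sniff(payload)
        if sniffed and sniffed != declared:         # bytes and header disagree
            findings.append((name, declared, f"content looks like {sniffed}"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: one benign attachment and two disguised executables."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.invalid", "list@example.invalid", "files"
    msg.set_content("see attached")
    msg.add_attachment("plain notes", filename="notes.txt")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 16
    msg.add_attachment(fake_pe, maintype="audio", subtype="x-wav", filename="setup.exe")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

Running `audit_message(build_sample())` flags setup.exe on all three checks and invoice.pdf only on its leading bytes, which an extension-only or header-only filter would both miss.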