spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: malware campaign: javascript in ".tgz"
Date Thu, 21 Apr 2016 17:09:33 GMT


Am 21.04.2016 um 18:30 schrieb Dave Funk:
> On Thu, 21 Apr 2016, Reindl Harald wrote:
>>
> [snip..]
>>> Content-Type: application/octet-stream; name="0005500922.tgz"
>>>
>>> I wonder how common  octet-stream is with legitimate  .tgz
>>> files
>>
>> sadly you need to expect "application/octet-stream" for nearly any
>> filetype, learned the hard way by doing mime-checks on webservers
>
> +1 for this, similar experience here.
>
> I've seen "application/octet-stream" typing on ".htm" components of mail
> messages created by major brand e-mail clients. The lazy authors assume
> that the correct file extension is all that is needed

nope - above i talked about "file" and the php mimtype-functions, so not 
only lazy auhors fo clients, get the correct mimetype explains why 
things are called "mime-magic" - it's more magic than predictable


Mime
View raw message