You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2018/04/19 00:37:25 UTC

EMF file vulnerability?

Hi all, this may be slightly OT, but we've been blocking .emf files
forever but today a user complained that we blocked their Word
documents which apparently have "image1.emf" files in them and were
considered a threat by amavisd due to our restricted file type policy.

I recall this being an issue from as far back as Win95/XP, but do
people still consider this a real threat vector?

https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability

Re: EMF file vulnerability?

Posted by Olivier Coutu <ol...@zerospam.ca>.

On 2018-04-18 20:37, Alex wrote:
> Hi all, this may be slightly OT, but we've been blocking .emf files
> forever but today a user complained that we blocked their Word
> documents which apparently have "image1.emf" files in them and were
> considered a threat by amavisd due to our restricted file type policy.
>
> I recall this being an issue from as far back as Win95/XP, but do
> people still consider this a real threat vector?
>
> https://en.wikipedia.org/wiki/Windows_Metafile_vulnerability
We are not blocking them, never had any malicious activity reported 
through them and see a low volume of legitimate usage for them through 
pdf and doc files. Overall, I would say you shouldn't block them.