You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-user@james.apache.org by Danny Angus <da...@apache.org> on 2003/06/22 23:14:16 UTC

filetype magic

I feel compelled to mention that magic is only ever an informed guess, and I'm convinced that faking magic isn't beyond the ability of smart bad people, if theres a gain to be made.


> > After reading your http://www.alaska.net/~royce/pub/solaris/MAGIC
> > link I see what it is all about.
> 
> For those who don't understand, yet, this might help:
> 
>   http://www.halley.cc/ed/linux/newcomer/filename.html

RE: filetype magic

Posted by "Noel J. Bergman" <no...@devtech.com>.

> you could get bytes into a machine in the guise of the image bytes of a
gif or jpeg.
> there could still be uses for it *IF* it became a way round anti-virus
software.

Yes, but the way I've suggested using it was as suppliment to a/v software,
not a replacement.  Any mismatch would be a rejection, but a positive match
doesn't imply a free ride.

	--- Noel


---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org

RE: filetype magic

Posted by Danny Angus <da...@apache.org>.

>  Faking to be a desirable type won't achieve the
> goal.  It would just be a corrupt file.

No it wouldn't, you could get bytes into a machine in the guise of the image bytes of a gif or jpeg.
OK thats not executable, but there could still be uses for it *IF* it became a way round anti-virus software.

d.

RE: filetype magic

Posted by "Noel J. Bergman" <no...@devtech.com>.

> I feel compelled to mention that magic is only ever an informed guess,
> and I'm convinced that faking magic isn't beyond the ability of smart
> bad people, if theres a gain to be made.

True.  But what would be the point?  Faking to be an undesirable type would
be counter-productive.  Faking to be a desirable type won't achieve the
goal.  It would just be a corrupt file.

As I see it, checking the magic is just one way to keep someone from
slipping an executable in under the guise of a benign attachment.

	--- Noel


---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org