You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by WiNK / Bor <wi...@connectedserver.com> on 2007/04/23 11:11:48 UTC

PNG vurnability

Hi Guys,

Not sure if this is the right list to ask it, but lots of people with 
knowledge about it,

how serious is the PNG file treat, i noticed it is default denied by 
mailscanner. However i got some designers behind my mailscanner, which 
also want receive png files? So i know i can whitelist these persons by 
address and or domain, but i want to know about the severity of 
potential treat caused by png files.

Kind Regards
Rob

Re: PNG vurnability

Posted by mouss <mo...@netoyen.net>.

WiNK / Bor wrote:
> Hi Guys,
>
> Not sure if this is the right list to ask it, but lots of people with 
> knowledge about it,
>
> how serious is the PNG file treat, i noticed it is default denied by 
> mailscanner. However i got some designers behind my mailscanner, which 
> also want receive png files? So i know i can whitelist these persons 
> by address and or domain, but i want to know about the severity of 
> potential treat caused by png files.

http://www.sans.org/newsletters/risk/display.php?v=4&i=6#widely5
http://www.securityfocus.com/bid/18913
http://www.securityfocus.com/bid/21920
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1
...

RE: PNG vurnability

Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.

Rob

Might be worthwhile moving this to the MailScanner list as it's nothing
to do with SA per sa.

But what version of MailScanner are you running, as I can't see anything
that would block png files by default.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: WiNK / Bor [mailto:wink@connectedserver.com]
> Sent: 23 April 2007 10:12
> To: users@spamassassin.apache.org
> Subject: PNG vurnability
>
> Hi Guys,
>
> Not sure if this is the right list to ask it, but lots of people with
> knowledge about it,
>
> how serious is the PNG file treat, i noticed it is default denied by
> mailscanner. However i got some designers behind my mailscanner, which
> also want receive png files? So i know i can whitelist these persons
by
> address and or domain, but i want to know about the severity of
> potential treat caused by png files.
>
> Kind Regards
> Rob




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.

Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 

Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************