RE: WMF Vulnerability

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 13:08:57 -0800

Those are two separate questions.
ISA doesn't use the OS file associations to make its decisions, so blocking 
file types of .wmf or content-types of application/x-msmetafile will get you 
some relief.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Hillaert, Todd [mailto:THillaert@xxxxxxxx] 
Sent: Wednesday, January 04, 2006 12:42
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

http://www.ISAserver.org

Hi

Correct me if I'm wrong, but as I understand it, a WMF is not handled by the 
operating system only according to its extension, but by special flags set within 
the file itself. 

That's why blocking *.wmf or the mime types will not stop it. 

Todd

-----Original Message-----
From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
Sent: Wednesday, January 04, 2006 2:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability


True enough. You had mentioned it was doable with GFI and I thought it might be 
useful to mention how it could be done via SurfControl as well.
Personally, I blocked WMF files at ISA and with my SurfControl filter, just in 
case.

Brian 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, January 04, 2006 2:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

Hi Brian,

You don't need SurfControl just to block .wmf files, you can use the OOB ISA 
firewall to do that.

Tom


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thillaert@xxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx





All mail to and from this domain is GFI-scanned.
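
Added example (not part of the original thread, and not how ISA Server is implemented): a Python sketch contrasting the extension and content-type rule discussed above with a check of the file's leading bytes. The function names and sample inputs are constructed for illustration; the header values are the standard WMF header fields and the placeable-metafile key.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # placeable metafile key, stored little-endian
BLOCKED_MIME = "application/x-msmetafile"

def looks_like_wmf(data: bytes) -> bool:
    """True if data starts with a placeable or a standard WMF header."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 18:  # a standard WMF header is 18 bytes long
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, 0)
    # type 1 = memory, 2 = disk; header size is 9 words; version 1.0 or 3.0
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def filter_decision(filename: str, content_type: str, body: bytes):
    """Return (blocked_by_name_or_mime, blocked_by_content) for one download."""
    name_hit = filename.lower().endswith(".wmf")
    mime_hit = content_type.split(";")[0].strip().lower() == BLOCKED_MIME
    return (name_hit or mime_hit, looks_like_wmf(body))

# Constructed sample inputs: header bytes only, no drawing records.
STD_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 3, 0)
PLACEABLE = struct.pack("<I", PLACEABLE_KEY) + bytes(18) + STD_HEADER
JPEG_START = b"\xff\xd8\xff\xe0" + bytes(16)

SAMPLES = [
    ("chart.wmf", "application/x-msmetafile", STD_HEADER),
    ("holiday.jpg", "image/jpeg", PLACEABLE),  # metafile under another name
    ("photo.jpg", "image/jpeg", JPEG_START),
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        by_name, by_content = filter_decision(name, ctype, body)
        print(f"{name:12} name/MIME rule: {by_name!s:5} content check: {by_content}")
```

The second sample is the case raised in the thread: the name and content-type rule passes it, while the header check flags it.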


