Hi Tim,

I agree. There seems to be more than the usual amount of FUD associated with this problem. :(

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 1:01 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> I wouldn't call it "program like behavior." They just contain both metadata
> and rendering data in the same file (as I understand it.)
>
> Renaming the file to something like ".gif" or ".jpg" could still cause
> execution if loaded from a file, but only if the Picture and Fax Viewer was
> the default program for those file types. From a browser, for WP&FV to open
> it and parse the data, it has to be that MIME type (again, as I understand
> it.)
>
> While I've read here that the "way to do it" is how GFI does it, I've still
> not seen any information on why simple content filtering won't work. But
> then again, I read where Jim is working with MSRC to come up with a
> "workable" filter. It would be nice to get some authoritative, detailed
> information on why MIME and file type filtering *won't* work.
>
> t
>
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
>
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 10:31 AM
> Subject: [isalist] RE: WMF Vunrability
>
> Hi Tim,
>
> Don't know about that, but it's a good question. But I have to wonder
> about other apps that open the WMF files. FWIU, WMF files have some
> program like behavior that allow it to call other programs if something
> doesn't work.
>
> How's that as an erudite description for a process? :)
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, January 04, 2006 12:13 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: WMF Vunrability
> >
> > But if he sets a different mime type, Fax Viewer won't open the program,
> > right?
> >
> > t
> > -----
> > "I may disapprove of what you say,
> > but I will defend to the death your
> > right to say it."
> >
> >
> > ----- Original Message -----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, January 04, 2006 9:32 AM
> > Subject: [isalist] RE: WMF Vunrability
> >
> > Hi Jonathon,
> >
> > That won't work, because the scumbag can use any file name he wants.
> > Same goes with the MIME type. The MIME type is set at the Web server, so
> > the scumbag can associate any MIME type he wants.
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> > > -----Original Message-----
> > > From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx]
> > > Sent: Wednesday, January 04, 2006 11:25 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: WMF Vunrability
> > >
> > > What I did to block it was:
> > >
> > > Internet Access Policy -> Protocols tab -> Filtering -> Configure HTTP
> > > -> Extensions tab. Should be self explanatory from there.
> > >
> > > Jonathon J. Howey
> > > KPSA Compliance Management Inc.
> > > P 780.409.5620
> > > F 780.409.5621
> > > D 780.409.5628
> > > C 780.965.8363
> > > Jonathon@xxxxxxx
> > >
> > > Guiding the Future of Transportation
> > > www.KPSA.ca
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: January 4, 2006 10:12 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: WMF Vunrability
> > >
> > > He never stated what his "block" was.
> > >
> > > -------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > > -----Original Message-----
> > > From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
> > > Sent: Wednesday, January 04, 2006 09:02
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: WMF Vunrability
> > >
> > > > I have installed the "wmf" block to my ISA 2004 clients but I'm not sure
> > > > how to set this up for ISA 2000.
> > > > Could someone provide advice of the best way to do this.
> > >
> > > Did anyone ever post an answer? I'm curious about this "wmf block".
> > >
> > > Brian
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > jim@xxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
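
Added example, not part of the original thread and not ISA Server or GFI code: a sketch of the point made above that the file name and MIME type are chosen by the sending server, comparing a label-based filter with a check of the payload's own WMF header. The function names, the MIME blocklist and the sample responses are assumptions constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # Aldus placeable-metafile magic, little-endian on the wire
# Assumed blocklist for the label-based filter (constructed for this example).
WMF_EXTS = (".wmf",)
WMF_MIMES = ("image/x-wmf", "application/x-msmetafile")

def label_filter(path, content_type):
    """Extension/MIME filtering: trusts names the sending server chose."""
    mime = content_type.split(";")[0].strip().lower()
    return path.lower().endswith(WMF_EXTS) or mime in WMF_MIMES

def looks_like_wmf(body):
    """Content check: placeable key, or a plausible 18-byte standard WMF header."""
    if len(body) >= 4 and struct.unpack_from("<I", body)[0] == PLACEABLE_KEY:
        return True
    if len(body) < 18:
        return False
    mtype, header_words, version = struct.unpack_from("<HHH", body)
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def build_sample_wmf():
    """Constructed, harmless metafile: header plus one end-of-file record."""
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
    return header + struct.pack("<IH", 3, 0)

def evaluate(responses):
    """Return (path, blocked_by_label, blocked_by_content) per response."""
    return [(p, label_filter(p, ct), looks_like_wmf(b)) for p, ct, b in responses]

# Constructed responses: (URL path, Content-Type header, body)
SAMPLES = [
    ("/pics/logo.wmf", "image/x-wmf", build_sample_wmf()),
    ("/pics/holiday.jpg", "image/jpeg", build_sample_wmf()),   # relabelled WMF
    ("/pics/banner.gif", "image/gif", b"GIF89a" + bytes(20)),  # genuine GIF signature
]

if __name__ == "__main__":
    for path, by_label, by_content in evaluate(SAMPLES):
        print(f"{path:20} label-filter={by_label!s:5} content-check={by_content}")
```

The header heuristic is deliberately loose; a production filter would also validate the header's declared size against the body length to cut false positives.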