If there was some "flag" in the file itself, some application would have to
parse it in the first place in order to find that out. The metafile is just
a file-- it's the graphics rendering engine that breaks with a malformed
file. If you keep the Fax Viewer from executing the file, you're fine. If
over HTTP, the app is launched based on MIME type. If a regular file (like
in an attachment) it is by extension.
t
----- "I may disapprove of what you say, but I will defend to the death your right to say it."
http://www.ISAserver.org
Hi
Correct me if I'm wrong, but as I understand it, a WMF is not handled by the operating system only according its extension, but by special flags set within the file itself.
That's why blocking *.wmf or the mime types will not stop it.
Todd
-----Original Message----- From: Brian Boyes [mailto:BrianB@xxxxxxxxx] Sent: Wednesday, January 04, 2006 2:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability
http://www.ISAserver.org
True enough. You had mentioned it was doable with GFI and I though it might be useful to mention how it could be done via surfcontrol as well. Personally, I blocked WMF files at ISA and with my surfcontrol filter, just in case.
Brian
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, January 04, 2006 2:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability
Hi Brian,
You don't need SurfControl just to block .wmf files, you can use the OOB ISA firewall to do that.
Tom
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thillaert@xxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx