Re: Odd SP2 Behavior

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 08/24/04

    Date:         Tue, 24 Aug 2004 13:03:51 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Joe Schmeling asked how a .zip file, named .zi_, managed to become
    filename.zip again when downloaded via Outlook Web Access.

    This is well documented in the XP SP2 documentation found at:

    <http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx#XSLTsection134121120120>

    or

    <http://tinyurl.com/5jjwd>

    Basically, this is a result of improvements to correlating what the web
    server said it was going to download against what it actually
    downloaded. In your case, it downloaded a file to the cache which had an
    extension of .zi_, but when it did the MIME sniff it realized that the
    file was actually a fully formed .zip, so it renamed the cache file.

    As far as ignoring your firewall rules, no, it's not, since your firewall
    rules are, well, um, too lame. If you want to block .zips, then block
    files of that content, not based on the name.

    As someone else pointed out, AV programs typically (today) do a MIME
    sniff themselves to determine the content type, and will do so to all
    files regardless of extension if told to do so. As such, a "good"
    firewall rule to block zips should block based on the content, not based
    on the name.

    To put it another way, if your firewall was as good as IE's improved
    MIME handling, you'd never have seen the file!

    Cheers,
    Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor
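
The difference between a name-based and a content-based block rule, as discussed in the message above, shown as an added example that is not part of the original post. The function names and sample files are constructed for illustration; the check uses Python's standard `zipfile` module.

```python
import io
import zipfile

# ZIP signatures: local file header, empty archive, spanned archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")


def blocked_by_name(filename, blocked_exts=(".zip",)):
    """Name-based rule: trusts the extension the sender chose."""
    return filename.lower().endswith(blocked_exts)


def blocked_by_content(data):
    """Content-based rule: ignores the name and inspects the bytes."""
    if data[:4] in ZIP_MAGICS:
        return True
    # An archive need not start at byte 0 (self-extractors carry a stub),
    # so also look for the end-of-central-directory record.
    return zipfile.is_zipfile(io.BytesIO(data))


def make_sample_zip():
    """Build a small, valid archive in memory (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample\n")
    return buf.getvalue()


ARCHIVE = make_sample_zip()
# Constructed samples: name -> bytes as the filter would see them.
SAMPLES = {
    "report.zip": ARCHIVE,
    "report.zi_": ARCHIVE,                   # same bytes, renamed
    "stub.bin": b"\x00" * 64 + ARCHIVE,      # archive after a 64-byte stub
    "notes.zip": b"This is plain text, not an archive.\n",
}


def evaluate(samples):
    """Return {name: (blocked_by_name, blocked_by_content)}."""
    return {n: (blocked_by_name(n), blocked_by_content(d))
            for n, d in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLES).items():
        print(f"{name:12} name_rule={verdict[0]!s:5} content_rule={verdict[1]}")
```

The renamed `report.zi_` passes the name rule but is caught by the content rule, while the plain-text `notes.zip` is blocked by name even though it contains no archive.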
