quote:

---

[-Version 4.53-]

-Added (Content-Type: !!!Filter All File Types {P} [Kye-U] {JJoe} (In))
--Changes content-type for GIF files to JPEG (so it is filterable)
--Now filters all file types

-Added (Freeze GIF Animations {P} [Kye-U])
--Since the Content-Type filter disables Proxomitron's built-in "Freeze GIF" feature, this filter will freeze GIF files
--Disabled by default

-Modified (Windows: Kill Suspected WMF-Exploit Files {P} [Kye-U])
--New efficient matching technique (thanks to JJoe)
--Bytes limit is 4, so CPU usage should be minimal
--Modified Alert message slightly
--Renamed to (Windows: Nullify Suspected WMF-Exploit Files {P} [Kye-U] {JJoe})
---P stands for Pending
---as Microsoft has not released an official fix, but hopefully will soon.

-Removed (Host: All File Extensions Force Filter {P} {JJoe} (out))

---

[Patterns]
Name = "Windows: Nullify Suspected WMF-Exploit Files [Kye-U] {JJoe}"
Active = TRUE
Limit = 4
Match = "[%00-%02][%00][%09][%00]$SET(SS=1)PrxNeverMatch"
        "|[%26][%00-%FF][%09][%00]$TST(SS=1)"
Replace = "\k$ALERT(Suspected WMF-Exploit File Nullified on:\n\n\u\n\nProbable exploit and payload has been removed from the file.\n\nThe file is now harmless.)"

[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: !!!Filter All File Types [Kye-U] {JJoe} (In)"
URL = "$FILTER(true)"
Match = "(*|)image/gif(*|)$SET(1=image/jpeg)|\1"
Replace = "\1"