Removing only Windows executables

Steve Evans sevans at FOUNDATION.SDSU.EDU
Fri Jul 26 22:02:16 IST 2002


If someone changes the extension it won't block it even if it is an
executable.  This works pretty well though because there's not too many
viruses that were written which hope that the user will change the
extension and then execute it.  The only anti-virus software I've ever
seen that blocks executables not based on file extension is Antigen from
Sybari, but that's for Exchange.
 
 
 
Steve Evans
Computing Services
(619) 594-0653
 

        -----Original Message-----
        From: Miguel Koren O'Brien de Lacy [mailto:miguelk at KONSULTEX.COM.BR]
        Sent: Friday, July 26, 2002 1:58 PM
        To: MAILSCANNER at JISCMAIL.AC.UK
        Subject: Re: Removing only Windows executables
	
	
        Thanks for the idea. After reviewing this file I see that I
        would remove EXE and COM by these lines:
	
        deny    \.exe$
        deny    \.com$
	
        Is this true?
	
        But I don't really understand how I would detect the EXE if the
        sender renames it to say 'ccx' for example. Or am I missing
        something? I would like to know if it's an executable by the
        information in the attachment itself (even if zipped).
	
        Miguel
	
        Matt Doherty wrote:
	

                hint: filename.rules.conf
                 

                Matt Doherty
                IT Dept
                Datawatch Corp
        	
                >>In a world without walls or fences, who needs Windows and Gates?<<

                        -----Original Message-----
                        From: Miguel Koren O'Brien de Lacy [mailto:miguelk at KONSULTEX.COM.BR]
                        Sent: Friday, July 26, 2002 5:15 PM
                        To: MAILSCANNER at JISCMAIL.AC.UK
                        Subject: Removing only Windows executables
                	
                	
                        Excuse my ignorance in this. I have mail scanner
                        running perfectly for about 10 months now (did not
                        upgrade yet) and since there were no problems with
                        it (set and forget), I have gotten "rusty" in my
                        mail scanner skills. I have a situation in a network
                        where it is desired to scan all mails but to
                        completely block Windows executable files. Don't
                        even need to scan them, just to remove them.
                        Management has decided that no one should receive
                        executables. The important fact here is that this is
                        valid even if they are zipped or renamed. I'm not
                        talking about a batch file but just EXE or COM for
                        example. I would need to determine from the file
                        header if it is an executable Windows binary or not.
                        Is this possible with mail scanner in the current
                        version? If not does anyone have a suggestion?
                	
                        Thanks. 
                	
                        Miguel 
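
The header-based check asked about in this thread (recognising a Windows executable from its contents even when it is renamed or zipped), as an added example that is not part of the original messages and is not MailScanner code. The function names, the depth and size limits, and the sample bytes are assumptions made for the illustration.

```python
import io
import struct
import zipfile

MAX_DEPTH = 3             # assumed limit on nested archives
MAX_MEMBER = 10 * 2**20   # assumed per-member read cap (zip-bomb guard)

def exe_kind(data):
    """Classify by header, never by name: 'pe', 'mz' (DOS EXE) or None."""
    if data[:2] != b"MZ":
        return None
    if len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    return "mz"

def find_executables(name, data, depth=0):
    """Return [(path, kind)] for an attachment and anything zipped inside it."""
    kind = exe_kind(data)
    if kind:
        return [(name, kind)]
    hits = []
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:      # encrypted member: cannot inspect
                    hits.append((path, "encrypted"))
                elif not info.is_dir():
                    with zf.open(info) as fh:
                        hits += find_executables(path, fh.read(MAX_MEMBER), depth + 1)
    except zipfile.BadZipFile:
        hits.append((name, "corrupt-zip"))
    return hits

# Constructed sample: a minimal PE-shaped header (not a working program).
SAMPLE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, payload in members:
            zf.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_executables("mail.zip", make_zip([("report.ccx", SAMPLE_PE)])))
```

A raw .COM image has no header at all, so a content check like this only recognises MZ/PE files; .COM attachments still depend on the filename rule. Any text file that happens to begin with the bytes "MZ" is reported as 'mz', which is the conservative outcome for a block-all policy.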
                	
                	

