Questions...
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Mar 24 16:49:03 GMT 2004
At 16:37 24/03/2004, you wrote:
>On Wed, 24 Mar 2004 16:14:57 -0000, Spicer, Kevin wrote:
> > Advise your client to change the extension of the zip files. It only
> > unpacks zips based on extension.
>
>Is this a good thing? It means that I could get an exe (or whatever)
>file past MailScanner by zipping it and renaming to, say, .zipp. Social
>engineering does the rest.
>
>Julian, how about (optionally?) unpacking anything that the file command
>thinks is an archive?
There are whole rafts of Denial of Service attacks that can be launched
this way; I am very wary of unpacking anything unless I really need to. But
using the file command to find zip files instead of looking at the name is
not a bad idea. It would be slower though as it would need to be run on
every message batch. Let me have a think and see if I can make it do it as
part of the filetype trapping code, so the overhead would be minimal.
And then there is the chicken and egg situation Kevin has just mentioned...
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
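
Added example (not part of the original message and not MailScanner's code): a sketch of the idea discussed above, identifying zip attachments by their leading signature instead of the filename, and checking member count and expansion from the archive's own metadata before anything is unpacked. The limits, the blocked-extension list and all function names are assumptions made for illustration.

```python
import io
import zipfile

# Leading signatures of zip data: local header, empty archive, spanned archive.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
BLOCKED_EXTS = (".exe", ".scr", ".pif")   # assumed policy for this example
MAX_MEMBERS = 100                          # assumed limits for this example
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100


def is_zip_by_content(data: bytes) -> bool:
    """Identify a zip by its first four bytes; the filename is never consulted."""
    return data[:4] in ZIP_MAGICS


def inspect_attachment(data: bytes) -> str:
    """Return a verdict using only the central directory; nothing is extracted."""
    if not is_zip_by_content(data):
        return "not-archive"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "reject: corrupt archive"
    with zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            return "reject: too many members"
        # Declared sizes can be forged, so a real unpacker must also cap
        # the number of bytes it actually reads from each member.
        total = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        if total > MAX_TOTAL_BYTES or total / packed > MAX_RATIO:
            return "reject: expansion limit"
        for i in infos:
            if i.filename.lower().endswith(BLOCKED_EXTS):
                return f"reject: blocked member {i.filename}"
    return "clean"


def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, body in members.items():
            zf.writestr(fname, body)
    return buf.getvalue()


# Constructed samples: an archive that would arrive named e.g. "report.zipp",
# and a small, highly compressible archive standing in for a zip bomb.
RENAMED = make_zip({"invoice.exe": b"MZ" + b"\x00" * 64})
BOMBISH = make_zip({"zeros.bin": b"\x00" * 2_000_000})
```
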