Suggested addition to default filename and filetype rules
Jeff A. Earickson
jaearick at COLBY.EDU
Thu Sep 9 16:13:21 IST 2004
<x-flowed>
Julian,
Could you post your revised file to the list, so we can put the
"Julian approved" rules into action now?
Jeff Earickson
On Thu, 9 Sep 2004, Remco Barendse wrote:
> Date: Thu, 9 Sep 2004 14:01:07 +0200
> From: Remco Barendse <mailscanner at BARENDSE.TO>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Suggested addition to default filename and filetype rules
>
> Some time ago a friend of mine send me some .wma files that contained
> scripts. The wma file started IE and opened some website.
>
> I guess that would qualify it as dangerous :)
>
> On Thu, 9 Sep 2004, Julian Field wrote:
>
>> At 08:18 09/09/2004, you wrote:
>>> On Thu, 9 Sep 2004, James Gray wrote:
>>>
>>>> Maybe it's just our site, but was there a reason Windows Media files were
>>>> left
>>>> out when Quicktime/MPEG/etc were included for denial?
>>>>
>>>> For the archives, here's what we have in our (modified) rules:
>>>>
>>>> <<< filename.rules.conf >>>
>>>> # Deny Windows Media etc
>>>> deny \.wm[adsvz] Windows Media Format We don't allow Windows Media
>>>> Files
>>>> deny \.w[av]x Windows Media Format No Windows media metafile
>>>> links
>>>> deny \.as[fx] Windows Media Format We don't allow Windows Media
>>>> Files
>>>>
>>>> <<< filetype.rules.conf >>>
>>>> deny ASF No Windows Media No Windows Media files
>>>> allowed
>>
>> I have added the filetype.rules.conf one, but not the filename.rules.conf
>> ones. I don't want my standard ruleset to be too restrictive. Only a very
>> small percentage of you ever edit the files at all, and I don't want to
>> annoy everybody more than I have to.
>> Do we really need to ban all media files at all? Banning the movies is
>> probably good as they tend to be huge and illegal/worthless. But all the
>> audio files as well?
>>
>> Also, does anyone know of any attacks done involving media metafile links?
>> Hopefully these are small and harmless.
>> --
>> Julian Field
>> www.MailScanner.info
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list