blocking SDG files?

Fractal IT Dept. itdept at FRACTALWEB.COM
Tue Mar 29 21:09:28 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Rick Cooper wrote:
            A demand paged executable  is an executable
            compiled to load only parts of the executable at
            load time, and then load a needed page directly
            from the executable when it's required. So if you
            have a large executable that doesn't always  need
            certain functions they can be compiled as pages
            and it reduces the load time and memory
            requirements at the expense of execution speed
            when the given page is required.
 
As I recall the windows PE executables include a MSDOS MZ
(possibly MZP) header and stub (that say must be run under
windows) and the PE32 does not, I believe the PE32 starts
with a COFF header and that would be something like 16 bytes
of non ASCII data relating to machine target, section count
and a few pointers. So I would suppose it would be easy to
mistake a binary data file with no header for a PE32.
Conversely would not recognize a PE32 file as a typical
Microsoft format (because it really isn't, it's unix based in
reality) because there would not be a MSDOS header and stub
so no MZ or MZP.
 
I kind of doubt that there is a magic entry for a Star Office
Graphic file since there is no firm structure for it... I
would think quarantine and release would be the only answer
 
Rick

Rick,

Thanks for the response.

I do have a quarantine system running where everything stays for 2 weeks
before it's sent to the "bit recycler". Unfortunately, when I attempt to
release this message from the quarantine, it gets re-trapped by
Mailscanner in its incessant thoughness. Is there a way of telling
MailScanner to not do file type checks when the message is being sent
directly from the server or something?

Chris
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list