blocking SDG files?
Fractal IT Dept.
itdept at FRACTALWEB.COM
Tue Mar 29 21:09:28 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Rick Cooper wrote:
A demand paged executable is an executable
compiled to load only parts of the executable at
load time, and then load a needed page directly
from the executable when it's required. So if you
have a large executable that doesn't always need
certain functions they can be compiled as pages
and it reduces the load time and memory
requirements at the expense of execution speed
when the given page is required.
As I recall the windows PE executables include a MSDOS MZ
(possibly MZP) header and stub (that say must be run under
windows) and the PE32 does not, I believe the PE32 starts
with a COFF header and that would be something like 16 bytes
of non ASCII data relating to machine target, section count
and a few pointers. So I would suppose it would be easy to
mistake a binary data file with no header for a PE32.
Conversely would not recognize a PE32 file as a typical
Microsoft format (because it really isn't, it's unix based in
reality) because there would not be a MSDOS header and stub
so no MZ or MZP.
I kind of doubt that there is a magic entry for a Star Office
Graphic file since there is no firm structure for it... I
would think quarantine and release would be the only answer
Thanks for the response.
I do have a quarantine system running where everything stays for 2 weeks
before it's sent to the "bit recycler". Unfortunately, when I attempt to
release this message from the quarantine, it gets re-trapped by
Mailscanner in its incessant thoughness. Is there a way of telling
MailScanner to not do file type checks when the message is being sent
directly from the server or something?
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner