filename.rules.conf

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Wed Jan 11 20:54:46 GMT 2006


Julian Field wrote:
> Kevin Miller wrote:
> 
>> dnsadmin 1bigthink.com wrote:
>> 
>> 
>>> At 04:13 AM 1/11/2006, you wrote:
>>> 
>>> 
>>> 
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> 
>>>> I concur.
>>>> Please remind me when something is due for removal.
>>>> 
>>>> 
>>>> 
>> snip
>> 
>> 
>>> I still see lots of .pif attempts. Allow at your own demise! I've
>>> yet to see a valid .scr, .hlp, .ico, or .cur and I've definitely
>>> run into some mentally debilitated users!
>>> 
>>> 
>> 
>> I agree.  I guess if it could be shown that none of the viruses on
>> the wild list use those extensions I'd say remove them, but if
>> there's a potential for exploitation then leave 'em.  It's a lot
>> cheaper timewise for an end user to zip the file or other method
>> like ftp if it's legitimate, than it is for me to clean several
>> hundred machines if a virus gets loose in our internal email. 
>> DAMHIKT! 
>> 
>> 
> DAMHIKT?

Don't Ask Me How I Know This. <g>

> 
> I also see the other side of this argument. However, given that both
> sides have valid points, I can only come down on the safe side. If you
> don't like the rules, edit them. I will play safe for now.
> Any more thoughts on this argument?

I think I'm missing something.  Wouldn't the safe side be to leave the
deny entries in the filename.rules.conf and filetype.rules.conf files
for extensions like .scr .hlp, .ico, etc.?

Or were you speaking toungue in cheek when you said "Please remind me
when something is due for removal."?


...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list