filename.rules.conf

Julian Field MailScanner at ecs.soton.ac.uk
Wed Jan 11 21:33:47 GMT 2006



Kevin Miller wrote:

>Julian Field wrote:
>
>>Kevin Miller wrote:
>>
>>>dnsadmin 1bigthink.com wrote:
>>>
>>>>At 04:13 AM 1/11/2006, you wrote:
>>>>
>>>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>>>
>>>>>I concur.
>>>>>Please remind me when something is due for removal.
>>>>>
>>>snip
>>>
>>>>I still see lots of .pif attempts. Allow at your own demise! I've
>>>>yet to see a valid .scr, .hlp, .ico, or .cur and I've definitely
>>>>run into some mentally debilitated users!
>>>>
>>>I agree.  I guess if it could be shown that none of the viruses on
>>>the wild list use those extensions I'd say remove them, but if
>>>there's a potential for exploitation then leave 'em.  It's a lot
>>>cheaper timewise for an end user to zip the file or other method
>>>like ftp if it's legitimate, than it is for me to clean several
>>>hundred machines if a virus gets loose in our internal email. 
>>>DAMHIKT! 
>>>
>>DAMHIKT?
>>
>
>Don't Ask Me How I Know This. <g>
>
>>I also see the other side of this argument. However, given that both
>>sides have valid points, I can only come down on the safe side. If you
>>don't like the rules, edit them. I will play safe for now.
>>Any more thoughts on this argument?
>>
>
>I think I'm missing something.  Wouldn't the safe side be to leave the
>deny entries in the filename.rules.conf and filetype.rules.conf files
>for extensions like .scr, .hlp, .ico, etc.?
>
>Or were you speaking tongue in cheek when you said "Please remind me
>when something is due for removal."?
>
No, that was when I was siding with the dangerous side (removing traps 
against old vulnerabilities). I am now siding with the safe side (leave 
the traps in, let people delete them if and when they want to). Stay on 
the safe side, I will.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

