filename.rules.conf

dnsadmin 1bigthink.com dnsadmin at 1BIGTHINK.COM
Wed Jan 11 21:20:50 GMT 2006


At 03:54 PM 1/11/2006, you wrote:

>Julian Field wrote:
> > Kevin Miller wrote:
> >
> >> dnsadmin 1bigthink.com wrote:
> >>
> >>
> >>> At 04:13 AM 1/11/2006, you wrote:
> >>>
> >>>
> >>>
> >>>> -----BEGIN PGP SIGNED MESSAGE-----
> >>>>
> >>>> I concur.
> >>>> Please remind me when something is due for removal.
> >>>>
> >>>>
> >>>>
> >> snip
> >>
> >>
> >>> I still see lots of .pif attempts. Allow at your own demise! I've
> >>> yet to see a valid .scr, .hlp, .ico, or .cur and I've definitely
> >>> run into some mentally debilitated users!
> >>>
> >>>
> >>
> >> I agree.  I guess if it could be shown that none of the viruses on
> >> the wild list use those extensions I'd say remove them, but if
> >> there's a potential for exploitation then leave 'em.  It's a lot
> >> cheaper timewise for an end user to zip the file or other method
> >> like ftp if it's legitimate, than it is for me to clean several
> >> hundred machines if a virus gets loose in our internal email.
> >> DAMHIKT!
> >>
> >>
> > DAMHIKT?
>
>Don't Ask Me How I Know This. <g>
>
> >
> > I also see the other side of this argument. However, given that both
> > sides have valid points, I can only come down on the safe side. If you
> > don't like the rules, edit them. I will play safe for now.
> > Any more thoughts on this argument?
>
>I think I'm missing something.  Wouldn't the safe side be to leave the
>deny entries in the filename.rules.conf and filetype.rules.conf files
>for extensions like .scr .hlp, .ico, etc.?
>
>Or were you speaking toungue in cheek when you said "Please remind me
>when something is due for removal."?
>
>
>...Kevin

The initial 'I concur ..' was Julian, yesterday. The sequence got out 
of sorts. Julian advocated keeping in the rules originally suggested 
as outdated.

I'd rather the rules stay with the safe defaults as has been the 
case. They are easier removed than installed anyway.

Cheers,
Glenn 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list