filename.rules.conf

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Wed Jan 11 22:31:38 GMT 2006 

Nerijus Baliunas wrote:
> On Wed, 11 Jan 2006 20:48:18 +0000 Julian Field
> <MailScanner at ECS.SOTON.AC.UK> wrote: 
> 
>> I also see the other side of this argument. However, given that both
>> sides have valid points, I can only come down on the safe side. If
>> you don't like the rules, edit them. I will play safe for now.
>> Any more thoughts on this argument?
> 
> Then please uncomment .wmf, as it makes no sense to not allow .hlp
> and allow .wmf by default. But I still think that .hlp and .ico
> should be 
> allowed, I never saw viruses with these extensions, while there are
> plenty with .com, .exe, .bat, .pif and .scr.

The wmf vulnerability is pretty new - week or so old I think.  Not sure
what you mean by uncomment, as it wasn't even in filename.rules.conf
unless it's manually added.  Julian may have put it in the latest
release, but I'm behind a bit.  Bottom line is that what comes with
MailScanner is a set of sensible defaults, but it's intended that some
customization be done on every install since no two businesses have the
same requirements.  Feel free to allow/deny whatever is appropriate for
your situation.

If you don't have any trouble with .hlp and .ico files then by all means
comment those out.  I don't know if any have ever even been sent to us.
If not, then it's irrelivant whether they're commented out or not.  If
some have, it makes more sense to me to have the sender zip them and
resend than take a chance on some old virus slipping through.  Most home
users are very ignorant of computer security.  They may or may not have
up to date service packs or antivirus.  Or antivirus and security
updates at all.  I'm not going to trust my network to the digilance of
clueless home users.  YMMV...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list