Allowing .exe's

mikea mikea at mikea.ath.cx
Tue Jun 27 20:16:51 IST 2006


On Tue, Jun 27, 2006 at 07:38:14PM +0530, Raj wrote:
> See, there is no harm in giving the user the right to send *.exe; your ClamAV can
> still stop them if it is infected. Read the wiki; there is a block diagram
> which shows the 3 steps of mail scanner.
> 1. Spam check
> 2. ClamAV for virus
> 3. Attachment manipulation.
> 
> So if you have virus on *.exe this will stop the mails reaching the user,
> 
> But hee... still it is risky, most of the viruses are *.exe files, & if your
> freshclam didn't work or the clamav database fails to identify any new virus,
> then you are @#$%^&*!@#$%^&!@#$%^&.. boy

Just so, and that's not a risk _I_ will take. If a vendor wants one
of our people to try a new version of a program, then the vendor gets
it to us on CD through the mails, or brings it to us, or puts it up on
the vendor's own website with MD5 signature and other authentications.

Neither do we allow users to _send_ .exe files, in case one of the 
machines gets infected. I block _ALL_ executables on the outbound 
MailScanner box as well. 

AV tools are only useful _after_ the infection is analy[sz]ed and the
signature(s) are made available. Since I update ClamAV every two hours,
that means that there's a 1-hour window, on the average, between the 
ClamAV folks updating their signature files and my inbound mailfilter
seeing them. That's in addition to the lag between the malware first
appearing in the wild and the ClamAV folks getting their analysis done
and signature files built.

Too much risk; not enough benefit, and better (i.e., more trustworthy) 
ways exist to distribute trustworthy executables.

But this is tangential to MS itself, and probably should stop here.

-- 
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin 

