Allowing .exe's

Raj rajlinux at gmail.com
Wed Jun 28 06:28:22 IST 2006


 Can we block the extension like *.exe for only for incomming messages.. Is
that possible on MS....???

On 6/28/06, mikea <mikea at mikea.ath.cx> wrote:
>
> On Tue, Jun 27, 2006 at 07:38:14PM +0530, Raj wrote:
> > see there is no harm on giving user the right to send *.exe, Your clamav
> can
> > still stop them if it is infected. Read the wiki there is a block
> diagram
> > which shows the 3 steps of mail scanner.
> > 1. Spam check
> > 2. ClamAV for virus
> > 3,. Attachment manipulation.
> >
> > So if you have virus on *.exe this will stop the mails reaching the
> user,
> >
> > But hee... still it is risky , most of the viruses are *.exe file, & if
> your
> > freshcalm didnt work or clamav database fails to identify any new virus
> ,
> > then your are @#$%^&*!@#$%^&!@#$%^&.. boy
>
> Just so, and that's not a risk _I_ will take. If a vendor wants one
> of our people to try a new version of a program, then the vendor gets
> it to us on CD through the mails, or brings it to us, or puts it up on
> the vendor's own website with MD5 signature and other authentications.
>
> Neither do we allow users to _send_ .exe files, in case one of the
> machines gets infected. I block _ALL_ executables on the outbound
> MailScanner box as well.
>
> AV tools are only useful _after_ the infection is analy[sz]ed and the
> signature(s) are made available. Since I update ClamAV every two hours,
> that means that there's a 1-hour window, on the average, between the
> ClamAV folks updating their signature files and my inbound mailfilter
> seeing them. That's in addition to the lag between the malware first
> appearing in the wild and the ClamAV folks getting their analysis done
> and signature files build.
>
> Too much risk; not enough benefit, and better (i.e., more trustworthy)
> ways exist to distribute trustworthy executables.
>
> But this is tangential to MS itself, and probably should stop here.
>
> --
> Mike Andrews, W5EGO
> mikea at mikea.ath.cx
> Tired old sysadmin
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>



-- 
Regards
Rajeev Sekhar
ph 9822751120
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060628/bf6a223a/attachment.html


More information about the MailScanner mailing list