<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 5.50.4916.2300" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=379040121-26072002><FONT face=Arial color=#0000ff size=2>If
someone changes the extension it won't block it even if it is an
executable. This works pretty well though because there's not too many
viruses that were written which hope that the user will change the extension and
then execute it. The only anti-virus software I've ever seen that blocks
executables not based on file extension is Antigen from Sybari, but that's for
Exchange.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Steve Evans</FONT></DIV>
<DIV><FONT face=Arial size=2>Computing Services</FONT></DIV>
<DIV><FONT face=Arial size=2>(619) 594-0653</FONT></DIV>
<DIV> </DIV>
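<DIV><FONT face=Arial size=2>Added example, not part of the original messages and not MailScanner code: one way to decide from the attachment's own bytes, as asked in the quoted question below, whether a file is a Windows executable even when it has been renamed (to 'ccx', say) or zipped. It is written in Python; the function names and both limits are assumptions, the sample is constructed, and header-less .COM images cannot be recognised this way.</FONT></DIV>
<PRE>
```python
import io
import zipfile

MAX_DEPTH = 2            # assumed limit on archives nested inside archives
MAX_MEMBER = 20 * 2**20  # assumed per-member size cap (guards against zip bombs)

def classify(data):
    """Return 'PE', 'MZ' or None from the leading bytes; the file name is never used."""
    if data[:2] != b"MZ":                 # DOS/Windows EXE, DLL, SCR ... start with 'MZ'
        return None
    off = int.from_bytes(data[0x3C:0x40], "little")   # e_lfanew: offset of the PE header
    return "PE" if data[off:off + 4] == b"PE\0\0" else "MZ"

def find_executables(name, data, depth=0):
    """List (path, verdict) for every executable or uninspectable item in an attachment."""
    kind = classify(data)                 # also catches self-extracting ZIPs (MZ first)
    if kind:
        return [(name, kind)]
    if data[:4] != b"PK\x03\x04":         # not a ZIP local-file header
        return []
    if depth >= MAX_DEPTH:
        return [(name, "nested-too-deep")]
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = name + "/" + info.filename
                if info.flag_bits % 2 == 1:           # bit 0 set: member is encrypted
                    hits.append((path, "encrypted"))  # cannot be inspected, so report it
                elif info.file_size > MAX_MEMBER:
                    hits.append((path, "too-large"))
                else:
                    hits += find_executables(path, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError):
        hits.append((name, "corrupt-zip"))
    return hits

def sample_attachment():
    """Constructed sample: a ZIP holding a renamed stub with MZ/PE markers and a text file."""
    stub = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.ccx", stub)
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    print(find_executables("docs.zip", sample_attachment()))
```
</PRE>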
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Miguel Koren
O'Brien de Lacy [mailto:miguelk@KONSULTEX.COM.BR] <BR><B>Sent:</B> Friday,
July 26, 2002 1:58 PM<BR><B>To:</B>
MAILSCANNER@JISCMAIL.AC.UK<BR><B>Subject:</B> Re: Removing only Windows
executables<BR><BR></FONT></DIV>Thanks for the idea. After reviewing this file
I see that I would remove EXE and COM by these
lines:<BR><BR>deny \.exe$<BR>deny
\.com$<BR><BR>Is this true?<BR><BR>But I don't really understand how I would
detect the EXE if the sender renames it to say 'ccx' for example. Or am I
missing something? I would like to know if it's an executable by the
information in the attachment itself (even if
zipped).<BR><BR>Miguel<BR><BR>Matt Doherty wrote:<BR>
<BLOCKQUOTE
cite="mid:CEEEJMPKAGAEEBLAKIGHGEJHCCAA.Matthew_doherty@datawatch.com"
type="cite">
<META content="MSHTML 5.50.4916.2300" name=GENERATOR>
<DIV><SPAN class=078102520-26072002><FONT face=Arial color=#0000ff
size=2>hint: <FONT face="Times New Roman" color=#000000
size=4>filename.rules.conf</FONT></FONT></SPAN></DIV>
<DIV> </DIV>
    <P><FONT size=2>Matt Doherty<BR>IT Dept<BR>Datawatch Corp<BR><BR>&gt;&gt;In
    a world without walls or fences, who needs Windows and
    Gates?&lt;&lt;</FONT></P>
<BLOCKQUOTE>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Miguel Koren O'Brien de
Lacy [<A class=moz-txt-link-freetext
href="mailto:miguelk@KONSULTEX.COM.BR">mailto:miguelk@KONSULTEX.COM.BR</A>]<BR><B>Sent:</B>
Friday, July 26, 2002 5:15 PM<BR><B>To:</B> <A
class=moz-txt-link-abbreviated
href="mailto:MAILSCANNER@JISCMAIL.AC.UK">MAILSCANNER@JISCMAIL.AC.UK</A><BR><B>Subject:</B>
Removing only Windows executables<BR><BR></FONT></DIV>Excuse my ignorance
in this. I have mail scanner running perfectly for <BR>about 10 months now
(did not upgrade yet) and since there were no <BR>problems with it (set
and forget), I have gotten "rusty" in my mail <BR>scanner skills. I have a
situation in a network where it is desired to <BR>scan all mails but to
completely block Windows executable files. Don't <BR>even need to scan
them, just to remove them. Management has decided that <BR>no one should
      receive executables. The important fact here is that this <BR>is valid even
if they are zipped or renamed. I'm not talking about a <BR>batch file but
just EXE or COM for example. I would need to determine <BR>from the file
header if it is an executable Windows binary or not. Is <BR>this possible
with mail scanner in the current version? If not does <BR>anyone have a
suggestion? <BR><BR>Thanks. <BR><BR>Miguel
<BR><BR></BLOCKQUOTE></BLOCKQUOTE><BR></BLOCKQUOTE></BODY></HTML>