Can we block the extension like *.exe for only for incomming messages.. Is that possible on MS....???<br><br><div><span class="gmail_quote">On 6/28/06, <b class="gmail_sendername">mikea</b> <<a href="mailto:mikea@mikea.ath.cx">
mikea@mikea.ath.cx</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Tue, Jun 27, 2006 at 07:38:14PM +0530, Raj wrote:
<br>> see there is no harm on giving user the right to send *.exe, Your clamav can<br>> still stop them if it is infected. Read the wiki there is a block diagram<br>> which shows the 3 steps of mail scanner.<br>> 1. Spam check
<br>> 2. ClamAV for virus<br>> 3,. Attachment manipulation.<br>><br>> So if you have virus on *.exe this will stop the mails reaching the user,<br>><br>> But hee... still it is risky , most of the viruses are *.exe file, & if your
<br>> freshcalm didnt work or clamav database fails to identify any new virus ,<br>> then your are @#$%^&*!@#$%^&!@#$%^&.. boy<br><br>Just so, and that's not a risk _I_ will take. If a vendor wants one<br>
of our people to try a new version of a program, then the vendor gets<br>it to us on CD through the mails, or brings it to us, or puts it up on<br>the vendor's own website with MD5 signature and other authentications.<br>
<br>Neither do we allow users to _send_ .exe files, in case one of the<br>machines gets infected. I block _ALL_ executables on the outbound<br>MailScanner box as well.<br><br>AV tools are only useful _after_ the infection is analy[sz]ed and the
<br>signature(s) are made available. Since I update ClamAV every two hours,<br>that means that there's a 1-hour window, on the average, between the<br>ClamAV folks updating their signature files and my inbound mailfilter<br>
seeing them. That's in addition to the lag between the malware first<br>appearing in the wild and the ClamAV folks getting their analysis done<br>and signature files build.<br><br>Too much risk; not enough benefit, and better (
i.e., more trustworthy)<br>ways exist to distribute trustworthy executables.<br><br>But this is tangential to MS itself, and probably should stop here.<br><br>--<br>Mike Andrews, W5EGO<br><a href="mailto:mikea@mikea.ath.cx">
mikea@mikea.ath.cx</a><br>Tired old sysadmin<br>--<br>MailScanner mailing list<br><a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br><a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner">
http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br><br>Before posting, read <a href="http://wiki.mailscanner.info/posting">http://wiki.mailscanner.info/posting</a><br><br>Support MailScanner development - buy the book off the website!
<br></blockquote></div><br><br clear="all"><br>-- <br>Regards<br>Rajeev Sekhar<br>ph 9822751120