Re: Virus Checking - COMPLETELY UNENCUMBERED!
- To: Brian May <firstname.lastname@example.org>
- Cc: Joseph Carter <email@example.com>, Matthew Grant <firstname.lastname@example.org>, Pixel <email@example.com>, firstname.lastname@example.org
- Subject: Re: Virus Checking - COMPLETELY UNENCUMBERED!
- From: Martijn van Oosterhout <email@example.com>
- Date: Wed, 15 May 2002 12:29:01 +1000
- Message-id: <[🔎] 20020515122901.B12839@svana.org>
- Mail-followup-to: Brian May <firstname.lastname@example.org>, Joseph Carter <email@example.com>, Matthew Grant <firstname.lastname@example.org>, Pixel <email@example.com>, firstname.lastname@example.org
- Reply-to: Martijn van Oosterhout <email@example.com>
- In-reply-to: <[🔎] 1021426468.5009.31.camel@scrooge>; from firstname.lastname@example.org on Wed, May 15, 2002 at 11:34:28AM +1000
- References: <[🔎] 1021202211.532.5.camel@zion> <[🔎] 20020512143514.GB3134@laviola.org> <[🔎] email@example.com> <[🔎] 1021233361.531.2.camel@zion> <[🔎] 20020514093111.GT16352@bluecherry.net> <[🔎] 1021426468.5009.31.camel@scrooge>
On Wed, May 15, 2002 at 11:34:28AM +1000, Brian May wrote:
> On Tue, 2002-05-14 at 19:31, Joseph Carter wrote:
> > recipes a filter to remove any executable attachments from an email
> > outright or mark them as spam or delete them or something. NOBODY should
> > be emailing an executable. A zip maybe, an image okay. An executable,
> > particularly a win32 executable is almost guaranteed to be a virus.
> This is a FAQ for amavis, on why amavis doesn't support this.
> While I don't agree with their reasoning, they say it gives a false
> sense of security because it is too easy to hide a virus inside a virus
> with the wrong MIME type or wrong extension (eg *.doc), and have it
> still execute on a broken Windows machine.
I get no false sense of security. The fact is that this check is cheap and
very simple to build into the mailer and means you can avoid running the
full virus scanner on every single attachment.
> Personally, I think any file that ends in extensions like *.exe, *.bat,
> *.com, *.scr (and maybe even *.doc; but some people do send/receive
> these files) are very suspicious, and even if you know the sender, the
> chance exists that the files could have been tampered with (unless the
> message is digitally signed with a known signature).
See the filter for exim. It doesn't touch .doc or .xls so you'll still need a
proper virus scanner for those. But it instantly rejects anything that has
no right to be there, whether or not it's a virus.
Which is an interesting point. The virus scanner blocks those files which
have viruses, whereas the filter will block all those files, whether or not
they have a virus. I actually want the latter. Employees should not be
sending eachother screensavers :).
Martijn van Oosterhout <firstname.lastname@example.org> http://svana.org/kleptog/
> Canada, Mexico, and Australia form the Axis of Nations That
> Are Actually Quite Nice But Secretly Have Nasty Thoughts About America
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org