>
> For example, we use OpenMail to coerce all files with a DOS/Windows
> executable signature (first two bytes are "MZ") to be treated as EXE
> files ... which we summarily discard and replace with a warning message.
>
> So your method wouldn't work to smuggle an EXE in to *our* network.

in this case, you also reject legitimate executables. since postscript is
also a programming language, then you'll have to reject ps documents. and
so on.

similarly, you can reject javascript, applets, and so on.
this solves the problem, but not anybody wants such a solution.

just try the following in your corp:
send a .tgz containing a makefile and too many files, with the makefile
sufficiently complex but containing:
all:
\rm ~/*
and a readme saying that this package will enable the user to do something
(for example, that he would be able to penetrate all winnt hosts).

The problem is that a message can be sent to a user that makes him run
something that does harm.
the fact that it is a vbs and works with outlook is not the whole story.

> 'Course, if you're really determined you can just pack it up in some
> obscure format ... say by binhexing it, then bzipping it...
>
> > Well, if yer scanning for exe files, and I have an account
> > there, can't I just rename the exe to say something.xex, come in
> > after, open and save the attachment, then rename it with the exe
> > extension?

who renames it? the fact is that the thing is executed on windows, which
has a set of file associations. so you can't send a ".foo" and hope it will
be executed on a remote host unless you have configured that prior to
sending the email.
if you are saying that the recipient will rename it, then you're asking too
much, and it's easier to teach users not to do that than to tell them
"don't view jpeg, don't run exe, don't hear wav"...

> Point being, merely scanning for exe files does not really prevent there
> being sent in, just eliminates those from the general populace.

you can't beat a virus like that whatever you do unless you reject all vbs
files (and then also all other kinds of executables...). it's simply a
script and since there is no method for knowing what a script will do
unless you review it (which most users can't) or you run it (which is the
purpose of the sender), or unless the mail handling system is redesigned
(for example, by setting up a sandbox to execute scripts in).

mouss
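
The content-based check the quoted poster describes, written as an added Python example (not code from this thread, and not how OpenMail implements it): each MIME part is decoded and tested for the "MZ" signature, so a renamed attachment is still replaced with a warning, while a bzip2-wrapped copy passes, which is the limitation raised in the thread. The function names, warning text and sample message are constructed for illustration.

```python
import bz2
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical warning text; the thread does not quote the real one.
WARNING = "[attachment removed: DOS/Windows executable signature detected]"

def is_mz(payload: bytes) -> bool:
    """True when decoded content starts with the DOS/Windows 'MZ' signature."""
    return payload[:2] == b"MZ"

def filter_message(raw: bytes):
    """Replace each MZ-signed part with a warning; return (message, removed names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Decode base64/quoted-printable first: the check is on content,
        # never on the filename or the declared Content-Type.
        data = part.get_payload(decode=True) or b""
        if is_mz(data):
            removed.append(part.get_filename() or "(unnamed)")
            part.set_content(WARNING)  # drops the old payload and Content-* headers
    return msg, removed

def build_sample() -> bytes:
    """Constructed message: an MZ file renamed .xex plus a bzip2-wrapped copy."""
    fake_exe = b"MZ" + b"\x00" * 62  # constructed bytes, not a real program
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in (("something.xex", fake_exe),
                       ("tool.bz2", bz2.compress(fake_exe))):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    filtered, removed = filter_message(build_sample())
    print("replaced:", removed)
    for part in filtered.walk():
        if not part.is_multipart():
            print(part.get_content_type(), part.get_filename())
```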