Here's my 2 cents. Download officeupdate.microsoft.com security patch for
Outlook.. blocks pretty much all extensions including .exe that could
potentially be a virus.
Eric
----- Original Message -----
From: "Mikael Olsson" <[EMAIL PROTECTED]>
To: "Frank Darden" <[EMAIL PROTECTED]>
Cc: "'Duane Joubert'" <[EMAIL PROTECTED]>; "'Williams, Stacy'"
<[EMAIL PROTECTED]>; "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Sent: Monday, July 03, 2000 4:29 AM
Subject: Re: Rules for filtering .vbs and .shs extensions on email
attachments
>
>
> Frank Darden wrote:
> >
> > In short, no. Firewall-1 will allow you to drop specific defined MIME
types,
> > but you cannot simply block *.vbs Unfortunately, I am not well versed
enough
> > on the specific MIME types to be able to tell you if there is a specific
> > MIME type for vbs files
>
> If you're worried about MS Outlock receiving *.vbs files, you need to
filter
> based on the file name rather than the mime type, since it consults the
> extension association mappings to determine what application to launch.
>
> Netscape v4 and above also consults the extension mappings, but I believe
> it relies on mime type first and only when it can't find the right
> mime type does it look at the extension.
>
> Example: Malconfigured webserver servers *.htm files up as
> application/octet-stream. Netscape looks at the mime type and shows
> the data as plain text, IE (which outlook uses) looks at the
> extension, and parses the contents as HTML.
>
> So, in short: You need to filter both file extensions and mime types.
> This goes for all file types on Microsoft platforms (and quite possibly
> a few other platforms aswell?).
>
> $.0002
>
> /Mike
>
> --
> Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
> Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
> Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
> WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
