> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Brown, Nicholas
> Sent: Friday, 21 November 2003 3:48 a.m.
> To: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
>
> Bojan Zdrnja Wrote:
> ...
> >That is why you should implement content blocking at your e-mail server.
> >There is absolutely no reason to allow .scr files to go around. If you
had
> >this blocked, it would stop MiMail-I without AV updates.
> >Also, note that this attachment has double extension, which should also
be
> >automatically blocked.
> ...
>
> It should be pointed out that blocking files with multiple extensions is
> not good idea, as this would interfere with lots of legitimate,
> non-executeable file types, such as .tar.gz.
Agreed (although - most users will send Windows attachments ;-).
Anyway, for that purpose, a regular expression like:
\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com)
Will do it. Amavisd-new has a nice default example for this.
Regards,
Bojan Zdrnja
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
