Curt Purdy <[EMAIL PROTECTED]> wrote: >>> An alternative is to allow only a proprietary extension through, >>> like .inc. Legitimate senders would rename the file, be it .exe >>> .doc .jpg, indicate in the body of the message what the true >>> extension is, and the receiver merely renames it. >> > Only the proprietary extension, i.e. .inc or .xyz or .whatever, > would be allowed through, and since virus writers would never use > this extension, it would eliminate ALL viruses at the gateway. > The nice thing about this approach is that it completely eliminates > the need for any anti-virus on the mail server since all virus > attachments are automatically dropped without the need for scanning. > Quite a simple, yet elegant solution, if I do say so myself.
Yes, it eliminates a large class of viruses. But, it would not do anything to "local" attacks (a virus modified specifically to handle your particular setup; and if it becomes widely used then "real" viruses will also do the same). Also it does nothing to viruses that do not use attachments: attacks on a "Subject:" buffer overflow, or a virus delivery via the web with a link or "Content-type: message/external-body". Also you might miss some attachments: "uuencoded block"s, or those within incomplete "Content-type: message/partial" bits. Within those limitations, it is a great idea to keep an organization free from "common" attacks. Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
