On Nov 29, 2011 9:10 PM, "J. Roeleveld" <jo...@antarean.org> wrote: > > On Tue, November 29, 2011 2:36 pm, Pandu Poluan wrote: > > On Nov 29, 2011 8:25 PM, "VinÃcius Ferrão" > > <viniciusfer...@cc.if.ufrj.br> > > wrote: > >> > >> Agreed. > >> > >> Filtering Windows executables will only make the system admin to be > > recognized as an asshole and windows-hater. > >> > >> On Nov 29, 2011, at 10:11 AM, J. Roeleveld wrote: > >> > >> > On Mon, November 28, 2011 7:27 pm, MiÈ™u Moldovan wrote: > >> > <SNIPPED> > >> >> Also, a good idea is to block > >> >> extensions such as exe, pif, bat (in zip files also) before scanning > >> >> for viruses (if such a scan is really needed). > >> > > >> > I disagree. There are valid reasons to send "*.exe" and "*.bat" files > > via > >> > email. Braindead filters on extensions only cause problems. > >> > > > > > With my current setup, I already block .exe, .pif, .com, .lnk, .scr, and > > their ilks. > > > > But I do allow .zip and .rar, though. > > Do you have a good reason to block on extensions? > Virus-scanners work quite nicely already and are not fooled by changing > the extensions. > > I have received viruses where the email contained instructions to change > the extension to .exe. Filtering on extension will not stop those. >
Because some other mail servers reject those files, and my lusers are too, uh, intelligence-challenged to understand the simple error message returned by the receiving server. Some are even so brain-dead to totally ignore any server error message. So, I outright block those attachments. Now, offending emails got rejected during SMTP submission, and the lusers have to take action instead of ignoring the issue. Rgds,