Hi! I was wondering how sometimes BAT, COM, EXE, etc attachments can get through. I am blocking in two places..
In Webshield SMTP by attachment I have individual rules setup to block BAT, SCR, VBS, PIF, COM and EXE Mail is handed to IMail after it comes through Webshield. In Imail 7.04 I have rules setup for each mail host: B=name=".*\pexe":NUL B=name=".*\pcom":NUL B=name=".*\pvbs":NUL B=name=".*\pbat":NUL B=name=".*\ppif":NUL B=name=".*\pscr":NUL I realize that someone using the webmail to send to another user/mail host on the same mail server would bypass the Webshield, but wouldn't the IMail rules still catch the attachment? I accidently deleted the offending e-mail that contained a BAT attachment infected by Klez, but the headers indicated the mail came from outside with verizon.net. The sender header appeared to be spoofed as [EMAIL PROTECTED] and addressed to our [EMAIL PROTECTED] . There's got to be a logical explanation for this. Can someone unconfuse me on how these double defenses could be bypassed? Thanks in advance! Ben To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
