On 03/24/2011 05:06 AM, Ethy H. Brito wrote:
> Hmmm. That led to another question.
> What if I rename notepad.exe to notepad.txt and attach it as an
> "application/octet-stream" and
>
> .exe SIZE=-1 EXE files not allowed per Company security policy
>
> is on quarantine-events???
>
> What should QS do?? Block it or deliver it?
>
> In my setup, it is delivering it and IMHO it shouldn't.

That rule says "a file that ends in .exe" - it doesn't imply it's a Windows binary! It only looks at filenames. There is specific code in Qmail-Scanner to look for the specific case of a Windows binary being attached with a non "application/*" Content-Type - and that's all.

What you are asking for is a new feature: that the actual file type of random blobs of files be mapped to a near-infinite range of application types, and that their acceptance or rejection be tracked and acted on. Not a bad idea - but certainly not done by Qmail-Scanner today. In fact, that task is better suited for clamav - you could create local rules that detect Windows binaries, MP3, etc. and treat them as viruses - thus allowing Q-S to block them.

A product like clamav would be better suited for this kind of work.

http://www.clamav.net/doc/latest/signatures.pdf

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
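The gap discussed in this message, shown as an added example (not Qmail-Scanner or ClamAV code): a content-based check that flags a Windows PE image in any MIME part, whatever its filename or Content-Type. The function names `is_pe`, `pe_attachments` and `build_sample` are hypothetical, and the sample message is constructed inline.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so the comparison fails safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_attachments(raw: bytes) -> list:
    """Return (filename, content-type) for each leaf MIME part whose decoded body is a PE image."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if is_pe(body):
            hits.append((part.get_filename(), part.get_content_type()))
    return hits


def build_sample() -> bytes:
    """Constructed message: a minimal fake PE header named notepad.txt, plus a text file starting with 'MZ'."""
    fake_pe = bytearray(0x80)
    fake_pe[:2] = b"MZ"
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    fake_pe[0x40:0x44] = b"PE\0\0"
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(bytes(fake_pe), maintype="application",
                       subtype="octet-stream", filename="notepad.txt")
    msg.add_attachment(b"MZ" + b" meeting notes\n" * 10, maintype="text",
                       subtype="plain", filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ctype in pe_attachments(build_sample()):
        print(f"PE image attached as {name!r} ({ctype})")
```

A filename rule such as the `.exe` entry quoted above never sees `notepad.txt`; this check reports it because it inspects the decoded bytes, and it ignores `readme.txt`, which merely begins with the letters "MZ".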