Once i tried that and had LOTS of false-positives with Windows CGI based applications, just like:
http://www.something.com/myscript.exe?value=blabla ....myscript.exe is not a downloadable file, it's a script that will be executed and return HTML code to the browser.
And there's all those URLs that will reply with a executable download but has no .exe on the URL ...
It's a simple idea, but not as easy to implement as it seems. Thomas Raef escreveu:
Why not block all executables except from a list of whitelisted sites? Allow windowsupdates.com, Microsoft.com, adobe.com,... That negates the need for signature based detection.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it
smime.p7s
Description: S/MIME Cryptographic Signature
