Re: [Exim] IRC/Stages.worm and system_filter.exim

Author: Vadim Vygonets
Date:  
To: exim-users
Subject: Re: [Exim] IRC/Stages.worm and system_filter.exim
Quoth Jethro R Binks on Tue, Jun 20, 2000:
> For those sites who don't want to block copious amounts of attachments with
> these filters, I wonder if a simpler filter that blocked any attachment
> called somefile.txt.ext (.ext could be any value) would be a reasonable
> compromise: certainly some of the recent ones we've seen try to disguise
> the nature of the file by making it appear to have a .txt extension (when
> it really has another further extension, the one Windows takes notice of).


First, it may be .gif.vbs instead of .txt.vbs any time. Second,
Windows mailers should NOTICE THE FREAKING MIME TYPE INSTEAD OF
THE FREAKING SO-CALLED EXTENSION. But that's not our fault.

> This thought was derived from a comment by one of my users about blocking
> "double extension" attachments.


Don't know about you, but I like .tar.gz files, as well as
.c.bz2, .1.Z, and -6.09.00.

> Comments?


Everything we do is doomed to fail at some point or another.
Nothing that was proposed and implemented here, or in any other
place I've seen (including the anti-viruses), is a solution to
this problem. As long as users use insecure mailers on insecure
operating systems, viruses, worms, and other creatures will
exist. Those who use Outloop and friends bring it on themselves.
Meanwhile, my dad is happy using UNIX mailers -- I told him I
would not appreciate security holes in whatever he uses.

Vadik.

--
Do not meddle in the affairs of sysadmins, they are quick to
anger and have no need for subtlety.
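
Added example, not part of the original message and not an Exim filter: a Python sketch that runs the three candidate rules from this thread (the ".txt.ext" rule, a blanket "double extension" rule, and a rule keyed on the final extension) over constructed filenames modelled on the ones mentioned above. The RISKY_FINAL_EXT set and all sample names are assumptions chosen for illustration.

```python
import re

# Assumption: a small illustrative set of extensions Windows will execute.
RISKY_FINAL_EXT = {"vbs", "shs", "exe", "scr", "pif", "bat", "js"}

# Rule proposed in the quoted text: anything named somefile.txt.ext
TXT_RULE = re.compile(r"\.txt\.[^.]+$", re.IGNORECASE)
# Blanket "double extension" rule: any two dot-separated suffixes
ANY_DOUBLE = re.compile(r"\.[^.]+\.[^.]+$")


def final_ext(name):
    """Return the lower-cased last extension, as Windows would see it."""
    # Windows ignores trailing dots and spaces in a filename.
    name = name.strip().rstrip(". ")
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""


def classify(name):
    """Report which of the three rules would block this attachment name."""
    return {
        "txt_rule": bool(TXT_RULE.search(name)),
        "any_double": bool(ANY_DOUBLE.search(name)),
        "final_ext_rule": final_ext(name) in RISKY_FINAL_EXT,
    }


# Constructed sample names, modelled on the extensions named in the thread.
SAMPLES = [
    "notes.txt.vbs", "photo.gif.vbs", "run.vbs", "readme.txt",
    "src.tar.gz", "main.c.bz2", "exim.1.Z", "pkg-6.09.00",
]


def report(names=SAMPLES):
    """Return (name, rules-that-fired) pairs for a list of filenames."""
    return [(n, sorted(k for k, v in classify(n).items() if v)) for n in names]


if __name__ == "__main__":
    for name, fired in report():
        print(f"{name:16} blocked by: {', '.join(fired) or 'nothing'}")
```

The ".txt.ext" rule misses photo.gif.vbs, the blanket rule also blocks src.tar.gz, main.c.bz2, exim.1.Z and pkg-6.09.00, and the final-extension rule depends entirely on how complete its list is.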