Author: Jethro R Binks Date: To: exim-users Subject: Re: [Exim] IRC/Stages.worm and system_filter.exim
> First, it may be .gif.vbs instead of .txt.vbs any time.
True.
> Second,
> Windows mailers should NOTICE THE FREAKING MIME TYPE INSTEAD OF
> THE FREAKING SO-CALLED EXTENSION. But that's not our fault.
No, it's not, but we (unfortunately) have to work around it. That's how
Windows works. Deal with it.
> > This thought was derived from a comment by one of my users about blocking
> > "double extension" attachments.
>
> Don't know about you, but I like .tar.gz files, as well as
> .c.bz2, .1.Z, and -6.09.00.
I quite agree; I wasn't suggesting doing it unilaterally -- the above was
the suggestion which I refined for the common case that we've seen. The
point about .txt. or .gif. is that it *seems* to be benign, and is more
likely to trick someone who hasn't quite woken up yet into opening up the
attachment, thinking "it's a txt [or gif] file, not dangerous".
> Everything we do is doomed to fail at some point or another.
> Nothing that was proposed and implemented here, or in any other
> place I've seen (including the anti-viruses), is a solution to
> this problem. As long as users use insecure mailers on insecure
> operating systems, viruses, worms, and other creatures will
> exist. Those who use Outloop and friends bring it on themselves.
Perhaps they do; but it won't stop them using such products, and it won't
stop us trying to protect them anyway, however difficult or impossible it
might be in the long run.