Author: Jethro R Binks Date: To: exim-users Subject: Re: [Exim] IRC/Stages.worm and system_filter.exim
> First, it may be .gif.vbs instead of .txt.vbs any time.
True.
> Second,
> Windows mailers should NOTICE THE FREAKING MIME TYPE INSTEAD OF
> THE FREAKING SO-CALLED EXTENSION. But that's not our fault.
No, it's not, but we (unfortunately) have to work around it. That's how
Windows works. Deal with it.
> > This thought was derived from a comment by one of my users about blocking
> > "double extension" attachments.
>
> Don't know about you, but I like .tar.gz files, as well as
> .c.bz2, .1.Z, and -6.09.00.
I quite agree; I wasn't suggesting doing it unilaterally -- the above was
the suggestion which I refined for the common case that we've seen. The
point about .txt. or .gif. is that it *seems* to be benign, and is more
likely to trick someone who hasn't quite woken up yet into opening up the
attachment, thinking "it's a txt [or gif] file, not dangerous".
> Everything we do is doomed to fail at some point or another.
> Nothing that was proposed and implemented here, or in any other
> place I've seen (including the anti-viruses), is a solution to
> this problem. As long as users use insecure mailers on insecure
> operating systems, viruses, worms, and other creatures will
> exist. Those who use Outloop and friends bring it on themselves.
Perhaps they do; but it won't stop them using such products, and it won't
stop us trying to protect them anyway, however difficult or impossible it
might be in the long run.
%20have%20to%20work%20around%20it.%20%20That's%20how%0A>%20Windows%20works.%20%20Deal%20with%20it.%0A>%20%0A>%20>%20>%20This%20thought%20was%20derived%20from%20a%20comment%20by%20one%20of%20my%20users%20about%20blocking%0A>%20>%20>%20%22double%20extension%22%20attachments.%0A>%20>%20%0A>%20>%20Don't%20know%20about%20you,%20but%20I%20like%20.tar.gz%20files,%20as%20well%20as%0A>%20>%20.c.bz2,%20.1.Z,%20and%20-6.09.00.%0A>%20%0A>%20I%20quite%20agree;%20I%20wasn't%20suggesting%20doing%20it%20unilaterally%20--%20the%20above%20was%0A>%20the%20suggestion%20which%20I%20refined%20for%20the%20common%20case%20that%20we've%20seen.%20%20The%0A>%20point%20about%20.txt.%20or%20.gif.%20is%20that%20it%20*seems*%20to%20be%20benign,%20and%20is%20more%0A>%20likely%20to%20trick%20someone%20who%20hasn't%20quite%20woken%20up%20yet%20into%20opening%20up%20the%20%0A>%20attachment,%20thinking%20%22it's%20a%20txt%20%5Bor%20gif%5D%20file,%20not%20dangerous%22.%0A>%20%0A>%20>%20Everything%20we%20do%20is%20doomed%20to%20fail%20at%20some%20point%20or%20another.%0A>%20>%20Nothing%20that%20was%20proposed%20and%20implemented%20here,%20or%20in%20any%20other%0A>%20>%20place%20I've%20seen%20(including%20the%20anti-viruses),%20is%20a%20solution%20to%0A>%20>%20this%20problem.%20%20As%20long%20as%20users%20use%20insecure%20mailers%20on%20insecure%0A>%20>%20operating%20systems,%20viruses,%20worms,%20and%20other%20creatures%20will%0A>%20>%20exist.%20%20Those%20who%20use%20Outloop%20and%20friends%20bring%20it%20on%20themselves.%0A>%20%0A>%20Perhaps%20they%20do;%20but%20it%20won't%20stop%20them%20using%20such%20products,%20and%20it%20won't%0A>%20stop%20us%20trying%20to%20protect%20them%20anyway,%20however%20difficult%20or%20impossible%20it%0A>%20might%20be%20in%20the%20long%20run.%0A>%20%0A>%20Jethro.%0A>%20%0A>%20%0A>%20%0A>%20 "Reply to this message")