Re: [Exim] Fwd: Serious Microsoft File Association Bug

Top Page
Delete this message
Reply to this message
Author: Rainer Link
Date:  
To: Phil Pennock, Exim Users
Subject: Re: [Exim] Fwd: Serious Microsoft File Association Bug
Phil Pennock wrote:

Hi!

> > Read the (NT)BugTraq Archives, especially postings from Vess (Bontchev),
> > Nick Fitzgerald and Eric Chien :)
>
> Not all of us choose to read mailing-lists devoted specifically to
> products which we neither use nor wish to use. The fact that

Yes :)
> pathetically inept design decisions in those products make life worse
> for us, and waste large amounts of our time, does not mean that we
> should spend our time becoming experts on those products.

Well, it was a hint for those ppl who are interested in some more
details. BugTraq and NtBugTraq offer
a search engine, so ppl may look for posting of the persons mentioned
above. I did not vote to use software from any company (uh, if I would
be a marketroid, I would vote for the Linux company who funds my work on
my open-source projects ... ;-))

> > Blocking for extensions does not make sense imho


> Until now, a reasonable middle-ground has been based on Exim's
> system_filter facility. Not perfect, but it works for the major
> problems. My warning message was specifically in relation to that
> filter, which many people on this list use.

Yes, and my mail should provide some additional information. Nothing
more.

> Changing operating systems so that we can use some commercial anti-viral
> products to protect yet another product is not desirable, but may prove
> for many to be necessary.

I know a lot of companies, which use Linux/*BSD on their servers and
Windows on their clients for whatever reasons. And for whatever reasons
they do not want or can not switch to an open-source operation system
(maybe in the future ... *g*).

> As I see it, the viable options are as follows:
>
> * Adopt GNU/Linux as a desktop OS, with Corel Wordperfect.

Why not StarOffice or KOffice (I forgot the name of the GNOME office
...). And why not FreeBSD? :)


Just as a side note: malicouse code is possible for every system (at the
upcoming Virus Bulletin Conference two talks about this topic will be
held). And the best secure system won't help you if the user does not
care about security. But this is going very off-topic now.

We will add content-filtering (based on filename/extension and on the
file type) into AMaViS in the future. But more important is a) improving
the exim integration into AMaViS and b) adding exim support into
AMaViS-Perl. Both stuff is on my to-do list for some months now :( - but
my time is limited.

best regards,
Rainer Link

--
Rainer Link | Member of Virus Help Munich (www.vhm.haitec.de)
rainer@??? | Developer of A Mail Virus Scanner (amavis.org)
link@??? | Founder of Linux AntiVirus Project (lavp.sourceforge.net)