Re: [Exim] executable filter use?

On Thu, 1 Nov 2001, D.M.Chapman wrote:

> Just a quick one - how many people are using the "Generic Windows
> Executable Content filter" on their systems?

> In particular, I am interested in academic sites who are blocking this

In our Departmental mailer we do it, for one.

There is a published campus policy which deprecates the use of such
attachments and warns recipients not to open them, and so we as
postmasters _do_ kind-of have some formal support for the policy,
which we can point to if anyone gets aggrieved.

> Virus checking would not
> have prevented this as we seemed to get it before the virus companies
> had updated their software.

Exactly. What I tell our users is that they _should_ have up to date
virus protection, as a backstop; but if the virus detector is ever
triggered, then it means they were doing something wrong - or at least
inadvisable - and ought to consider adopting safer working practices.

A bit like a fire alarm, really. It _ought_ never to go off in anger,
but that doesn't mean you should do without one. If it ever does go
off, then you are supposed to think out what you were doing wrong, and
try not to do it again.

Unfortunately, it's one of those rules of nature that because we're
shielding the users from emailed (potential) viruses, they get
careless. And then someone brings in a laptop that they've infected
at home via their friendly ISP, and off we go...


Another scenario that has arisen recently is this. Someone attempts
to send us email with an active attachment, and so we attempt to
reject it. However, the mailer at the reporting address (the one that
they had supplied - or counterfeited) refuses to accept the rejection
report on the grounds that it contains a virus! This has happened to
us on a handful of occasions now.

cheers