Re: [Exim] executable filter use?

Góra strony
Delete this message
Reply to this message
Autor: Alan J. Flavell
Data:  
Dla: Jon Bendtsen
CC: Exim users list
Temat: Re: [Exim] executable filter use?
On Thu, 8 Nov 2001, Jon Bendtsen wrote:

> "D.M.Chapman" wrote:
>
> > Just a quick one - how many people are using the "Generic Windows
> > Executable Content filter" on their systems?


> i'm not, because it wont work.


It's a point of view, certainly. Our practical experience has been
different...

> Even if you strip out windows executeables. people will send zip
> files,


That's precisely what we _advise_ them to do, if they wish to exchange
active content via email[1]. When the Great One decides at some point
in the future to re-engineer their product to automatically open and
execute the content of zip files, then we'll recommend something else.

> which people will double click and then execute (the content).


The purpose of the exercise (as I see it) is to defend users against
some widely available mail client software that is only too keen to
out-guess the user, and open active attachments for them, without
giving them the option.

> and will download/email executeables and see what happens.


This is also true, but is not what the stripping is primarily aimed to
defend against. It might sometimes have that beneficial side-effect,
but it isn't the primary motivation IMHO.

After all, the filter isn't attempting to filter out binaries for
Linux, VAX/VMS, EPOC etc. etc., because their users don't normally get
supplied with mail client software that comes configured for shooting
the user in the foot.

> Users are not the brightest people,


End users don't always get a free choice of which mail client to run.
Even if they do, they aren't always aware of the implications of
choosing that particular one (YKWIM).

Note - I am fully aware that one can reconfigure PINE to shoot users
in the foot in a very analogous way. My point is that PINE doesn't
come configured that way by default.

cheers

[1] Well, actually we suggest that their first choice should be to put
in on their personal web page area and send the recipient(s) its URL.
Sending active content as an email attachment (in whatever kind of
packaging) is recommended only if the first choice isn't applicable
for some good reason.