Author: Dan Egli
Date:
To: Exim users list
Subject: Re: [Exim] Bugbear/B filtration

Alan J. Flavell wrote:
| On Fri, 6 Jun 2003, Dan Egli quotes me saying:
|
|>|>Just to clarify this point: Having a virus scanner is certainly a
|>|>valuable backstop, but if that's the only precaution, then it more or
|>|>less guarantees infection, sooner or later, when a virus arrives
|>|>before its anti-virus update. It's best to have a policy of blocking
|>|>potentially-dangerous formats. And by all means a virus scanner too.
|>|>
|>|>Most recently, we (or rather, exiscan) blocked several instances of
|>|>what turned out to be Sobig-C, on the grounds of it being a
|>|>potentially dangerous attachment, in the relatively short time until
|>|>the update for it arrived from the anti-virus vendor. The two
|>|>different kinds of report are evident in the log:
|>
|>I have to disagree here,
|
| With the greatest of respect, you are in no position to disagree with
| the second paragraph which you quoted. It is a plain statement of
| fact about incidents which happened here, and of which you have no
| more knowledge than what I have already given you.
This is true. I should not have put that 2nd paragraph there. Sorry.
| As for the first paragraph, I do stand by what I wrote, though I'm
| well aware that such a policy is inconvenient for some. But naive
| users getting themselves infested with viruses is also inconvenient,
| and in my situation (as deputy postmaster for a department full of
| academics who, in terms of computer usage, is as easy to control as
| the average herd of cats), I think we're right to err on the side of
| caution.
I suppose that this would be true. I suppose there is no harm in erring
on the side of caution. But it does make things extremely difficult at
times for more advanced users who are trying to make a legitimate
mailing of an executable file. OR a screen saver. I mailed some screen
savers to a friend the other day (.scr extension on all of them).
| [...]
|
|>Mcafee identified it as "an unknown virus or trojan".
|
| Fine, but are you going to rely on that alone to protect your naive
| users?
Actually, on anyone I know who connects to my mail server, I also
STRONGLY insist that they have virus protection on the PC itself. For
example, I have Norton AntiVirus on this box I'm typing on. It works
great as a 2nd line of defence. I suppose it's not so bad if it's only
looking at the name. I know the basic virus defence in M.S. Exchange
Server is to block any executable, and it doesn't look at the name. You
can rename the file, rename and Zip the file, etc. Doesn't matter. They
still won't get it. That's beyond annoying. That's ridiculous.
|
|>I have always HATED sites that block EXEs and other files simply because
|>they COULD contain a virus.
|
| My hatred goes out to the client software which makes it so easy for
| users to fall foul of such infestations. But we can't stop them doing
| it, so we see our only recourse as blocking the potential risks.
|
|>Yesterday I had a software vendor ask me to
|>send him some files that were making a program he wrote crash when it
|>loaded up. He asked for them in a ZIP file.
|
| So you should have sent them as a ZIP file. This is also our policy.
Easier said than done. See below.
|
|
|>So, I sent a self-extracting ZIP, and it was promptly rejected.
|
| Indeed, as so would we. I'm disappointed that you don't see the logic
| of this for yourself. You've every right to discuss the general
| policy, but, given that they had such a policy, if you intend to send
| them something then you better fall into line with that policy. They
| ask for zip format, you send zip format - not exe format.
Well, in this case I could not send zip very easily. I don't HAVE WinZip
or anything of the like installed. I have WinRAR. It compresses MUCH
tighter. I did a test compression once a while back, and given the same
10MB directory of mixed content (EXEs, TXT files, BMPs, etc...), I got a
whopping 23% better compression with a solid RAR than with a zip file.
Now considering that I am oft times connecting to a dialup, every KB
that I can shave off a file means reduced transfer times. The file was
2MB+ as it was.
I see your stand point, but I hope you can see mine.
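
The thread contrasts two attachment policies: one that looks only at the file name, and one that ignores the name and inspects the content, including inside ZIP files. The sketch below is an added example, not part of the original post and not code from Exim, exiscan or Exchange; the extension list, the size and depth limits, the function names and the sample data are all assumptions made for illustration.

```python
import io
import zipfile

# Assumed policy list: the thread names .exe and .scr; the rest are illustrative.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
MAX_MEMBER_SIZE = 10 * 1024 * 1024   # assumed limit, guards against zip bombs
MAX_DEPTH = 2                        # assumed limit on nested archives

def blocked_by_name(filename):
    """Name-only policy: looks at the extension and nothing else."""
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS)

def is_pe_executable(data):
    """DOS 'MZ' magic plus a PE signature at the offset stored at 0x3C."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def blocked_by_content(data, depth=0):
    """Content policy: ignores the name, inspects bytes and ZIP members."""
    if is_pe_executable(data):
        return True
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    if depth >= MAX_DEPTH:
        return True  # nested too deep to inspect: refuse
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_SIZE or info.flag_bits & 0x1:
                    return True  # oversized or encrypted member: refuse
                if blocked_by_name(info.filename):
                    return True
                if blocked_by_content(zf.read(info), depth + 1):
                    return True
    except zipfile.BadZipFile:
        return True  # damaged archive: refuse
    return False

def zip_of(name, data):
    """Build an in-memory ZIP holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a minimal PE header stub, not a real program.
PE_STUB = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\0\0"
```

A self-extracting archive is itself a PE executable, so the content check refuses it whatever it is called, while a plain ZIP of non-executable files passes both checks.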