Re: [Exim] Blocking sobig.f

Author: Jerry Bell
Date:  
To: Leonardo Boselli, exim-users
Subject: Re: [Exim] Blocking sobig.f
That is true. Fortunately, there are relatively few people who can execute
perl and tcl files on their Windows machines. The extensions that are
blocked below actually come from a recommendation by Microsoft on what
attachments are 'dangerous' and probably should be blocked.

Jerry
http://www.syslog.org
----- Original Message -----
From: "Leonardo Boselli" <leo@???>
To: "Jerry Bell" <jerry@???>; <exim-users@???>
Sent: Wednesday, August 20, 2003 1:57 PM
Subject: Re: [Exim] Blocking sobig.f


Btw: even pl and tcl can be automatically executed ... !...

On 20 Aug 2003 at 10:50, Jerry Bell wrote:

> <snip>
> Another way I've found to very effectively block most all recent viruses
> is by blocking 'bad' attachments:
> deny  message = contains $found_extension file (blacklisted).
>      demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH
>
> sensitive. I don't have all permutations here, but upper and lower seem
> to catch most all of them.
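
An added example, not part of the thread and not Exim code: the same extension check written in Python with case-folding, so a mixed-case name such as `.Pif`, which a case-sensitive comparison against only the lower- and upper-case spellings would miss, is still caught. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lower-case extensions from the rule quoted above.
BLOCKED = frozenset(
    "ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:"
    "mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:"
    "wsf:wsh".split(":")
)
# What the quoted list spells out: all-lower and all-upper forms only.
TWO_CASE_LIST = BLOCKED | {ext.upper() for ext in BLOCKED}


def last_extension(filename):
    """Text after the final dot (case preserved), or '' when there is no dot."""
    name = filename.strip().rstrip(".")  # ignore padding and trailing dots
    _, dot, ext = name.rpartition(".")
    return ext if dot else ""


def blocked_attachments(raw_message):
    """Return (filename, folded_ext, in_two_case_list) per blocked MIME part."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Content-Disposition filename, falling back to Content-Type name.
        filename = part.get_filename()
        if not filename:
            continue
        ext = last_extension(filename)
        if ext.casefold() in BLOCKED:  # case-insensitive decision
            hits.append((filename, ext.casefold(), ext in TWO_CASE_LIST))
    return hits


def sample_message():
    """Constructed message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    for name in ("your_details.Pif", "notes.txt", "report.doc.SCR"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in blocked_attachments(sample_message()):
        print(hit)
```

The third field of each result shows whether the two-case list alone would have matched under a case-sensitive comparison.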