Re: [Exim] Blocking sobig.f

Author: Jerry Bell
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f
My apologies for the delay in getting the url from MS. At one point, there
was a specific Q article on dangerous extensions, but I can't seem to find
the link in my old email or through their search engine, but they do have
the extensions listed here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;291369
----- Original Message -----
From: "Sheldon Hearn" <sheldonh@???>
To: "Jerry Bell" <jerry@???>
Cc: "Leonardo Boselli" <leo@???>; <exim-users@???>
Sent: Thursday, August 21, 2003 3:30 AM
Subject: Re: [Exim] Blocking sobig.f


On (2003/08/20 18:15), Jerry Bell wrote:

> That is true. Fortunately, there are relatively few people who can
> execute perl and tcl files on their windows machines. The extensions that
> are blocked below actually come from a recommendation by Microsoft on what
> attachments are 'dangerous' and probably should be blocked.


Do you have a reference to Microsoft's recommendation? That'd make it a
lot easier for me to motivate for blocking the whole list.

I currently have pif and scr blocked, and WOW is it saving the virus
scanner a lot of work. :-)

And exim-4.22/exiscan-acl seems to handle the extensions case
insensitively, which is fantastic. So all you'd need would be

    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:\
             inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:\
             reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh


One thing.... Are you sure about "url"? Isn't that used to "attach
links"? I don't use a Wintendo mail client, so I don't know.

Ciao,
Sheldon.

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
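
The extension check discussed in this thread, as an added Python example that is not part of the original messages and is not Exim or exiscan-acl code: it walks a constructed MIME message and reports parts whose final filename extension is on the list from the `demime` line, compared case-insensitively. The names `BLOCKED`, `blocked_attachments` and `SAMPLE` are hypothetical, and the matching rule (last extension only, filename taken from either header) is an assumption made for illustration.

```python
import email
from email import policy

# Extension list copied from the demime line quoted in the thread.
BLOCKED = frozenset(
    "ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:"
    "inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:"
    "reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh".split(":")
)

def blocked_attachments(raw_bytes):
    """Return (filename, extension) for each part with a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls back
        # to the Content-Type name= parameter, so both spellings are covered.
        name = part.get_filename()
        if not name or "." not in name:
            continue
        # Only the last extension matters; lower() makes the match
        # case-insensitive, so "PIF" and "ScR" are caught.
        ext = name.rsplit(".", 1)[1].strip().lower()
        if ext in BLOCKED:
            hits.append((name, ext))
    return hits

# Constructed sample message (not real mail): an upper-case extension,
# a double extension named only in Content-Type, and a harmless .txt.
SAMPLE = b"""\
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.PIF"

AAAA
--b1
Content-Type: application/octet-stream; name="readme.txt.ScR"

AAAA
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

plain notes
--b1--
"""
```

Calling `blocked_attachments(SAMPLE)` flags `details.PIF` and `readme.txt.ScR` and leaves `notes.txt` alone.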