Re: [Exim] ACL to ALLOW only mentioned attachments type and …

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] ACL to ALLOW only mentioned attachments type and block *
On Fri, 26 Mar 2004, Peter Bowyer wrote:

> What you want to stop is attachments that a vulnerable system would treat
> badly.


Right.

> A .scr will only be executed by a Windows system if it arrives called
> something.scr, content-type notwithstanding.


That's the disease, indeed. We're just picking at its symptoms.

> So if the objective is to stop things getting through which Windows boxes


Unfortunately, it is, yes.

> might do something bad with, then looking at the extension is a valid thing
> to do.


My apologies - I may not have expressed myself precisely enough. I'm
not griping about what we're doing - - finding ourselves in an
impossible situation, we're taking the only recourse that's left open
to us. I'm griping about the fact that there is all this
unsafe-at-any-speed client software connected to the Internet -
software which is so extensively incompatible with the requirements of
the relevant Internet RFCs.

> It doesn't guarantee to stop everything that *is* a windows screen
> saver, but it will stop everything that windows would treat as such.


It's still just applying sticky tapes over the symptoms. Sure, we do
the same, but it isn't ever going to cure the disease.

begin by not using vulnerable client software

all the best