[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
- From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>
- Date: Fri, 21 Nov 2003 09:36:29 +1300
> -----Original Message-----
> From: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
> Brown, Nicholas
> Sent: Friday, 21 November 2003 3:48 a.m.
> To: full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES
>
> Bojan Zdrnja Wrote:
> ...
> >That is why you should implement content blocking at your e-mail server.
> >There is absolutely no reason to allow .scr files to go around. If you
had
> >this blocked, it would stop MiMail-I without AV updates.
> >Also, note that this attachment has double extension, which should also
be
> >automatically blocked.
> ...
>
> It should be pointed out that blocking files with multiple extensions is
> not good idea, as this would interfere with lots of legitimate,
> non-executeable file types, such as .tar.gz.
Agreed (although - most users will send Windows attachments ;-).
Anyway, for that purpose, a regular expression like:
\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com)
Will do it. Amavisd-new has a nice default example for this.
Regards,
Bojan Zdrnja
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html