Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Fri, 21 Nov 2003 09:36:29 +1300
 


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Brown, Nicholas
Sent: Friday, 21 November 2003 3:48 a.m.
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

Bojan Zdrnja Wrote:
...

That is why you should implement content blocking at your e-mail server.
There is absolutely no reason to allow .scr files to go around. If you

had

this blocked, it would stop MiMail-I without AV updates.
Also, note that this attachment has double extension, which should also

be

automatically blocked.

...

It should be pointed out that blocking files with multiple extensions is
not good idea, as this would interfere with lots of legitimate,
non-executeable file types, such as .tar.gz.


Agreed (although - most users will send Windows attachments ;-).

Anyway, for that purpose, a regular expression like:

\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com)

Will do it. Amavisd-new has a nice default example for this.

Regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: