[Mimedefang] Thoughts on list of "bad" extensions
Kelson Vibber
kelson at speed.net
Thu Aug 14 14:23:00 EDT 2003
Most of the files that my mail server defangs seem to be Windows Media
files, mainly .asf and .wmz. I generally figured this wasn't a problem,
but recently my (generally computer-savvy) fiancee forwarded herself a
video clip from work and was concerned when she saw the defang notice.

I've cleared up the wording since then. The old message stated "It is
possible that this file may contain a virus or other harmful program" -
waffle-language to be sure, but it still implied that something looked
suspicious. It now states that the *type* of file can contain viruses, etc.

I also recently read a comment about the proliferation of warning labels on
products. (At least in the United States, it seems like everyone is
slapping on warnings like "Do not use hair dryer while sleeping.") The
remark was that, as frivolous warnings become more and more prevalent,
people start to ignore *all* the warnings, including the important
ones. Something similar happens when a software UI pops up too many
confirmation dialogs: people start clicking on OK without reading them.

I'm beginning to wonder if it's worth including media and other data files
in the list of bad extensions. Is it worth defanging every video clip or
player skin sent because someday someone *might* send one with an exploit
before the virus scanners pick up on it? Or would it be better to separate
out the high-risk file types (i.e. executables) from the medium-risk ones?
Kelson Vibber
SpeedGate Communications <www.speed.net>