[Mimedefang] Thoughts on list of "bad" extensions
Kelson Vibber
kelson at speed.net
Fri Aug 15 12:12:01 EDT 2003
At 10:44 PM 8/14/2003, Steffen Kaiser wrote:
>I do not see any difference between .ASF and .EXE in the Windows world.
>The Win shell invokes the .ASF files by executing the media player, just
>like executing .EXE files. If any of them is infected, it's done.

There is a difference. An EXE file can do anything it wants, so it's
always dangerous. A data file is limited by the application that handles
it, unless that application contains a security vulnerability. In the case
of an ASF file, if the media player is up to date with patches, it doesn't
matter if it's infected. Obviously we can't assume everyone's patches are
current, given the large number of people who keep getting hit with things
like Blaster, but I do think it is a significant difference.

A few years ago, there was a buffer overflow in Netscape's JPEG
handler. Should we block JPEGs? Last year there was the zlib
vulnerability. Should we block PNG and TAR.GZ? Word and Excel files can
contain macro viruses. Should we block those? The Mimail virus uses a ZIP
file. Maybe we shouldn't trust ZIP files anymore.

Yes, the line has to be drawn somewhere. I'm just beginning to think it
might be worth moving.

Kelson Vibber
SpeedGate Communications <www.speed.net>