[Mimedefang] Re: Unsafe file types

[Kenneth Porter]

--On Monday, December 01, 2003 10:32 PM -0500 Lee Dilkie <lee at dilkie.com>
wrote:

> Perhaps. But if you run an anti-virus scanner on your inbound mail (I run
> clamav), all 7MB/day would be presumably caught and discarded. The network
> load won't improve just because you drop .exe's. But by only dropping real
> viruses, you're not inconviencing your users or making them jump through
> hoops to get their jobs done.

Until the virus comes in that the scanner doesn't know about. Blocking *all*
active content means you don't have to worry about whether the content is
malicious and your scanner hasn't caught up.

> Blocking documents is especially bad,
> businesses run on them. Get a scanner that will scan for macro viruses.

Or use a document format that isn't active. How about some kind of doc-to-RTF
converter spawned by MD that replaces active documents with presentation-only
documents? I'd love it if Open Office supplied such a utility.
 
> No matter how tight you clamp down on your email, they will find ways to
> transfer the documents and files they need to. {thinking back to the era
> when there were no attachments on email and uuencode was the perfered method
> of choice, perhaps we'll be there again}. But the trouble is, the more hoops
> they jump through, the less productive they'll be.

One hopes that users clever enough to jump through hoops are clever enough not
to blindly click on active attachments. This of course would not be an issue
if the most popular email client weren't so ready to run that active content
on your behalf. Much of the effort of filters like MD is to make up for the
promiscuity of that client.