[Mimedefang] Re: Unsafe file types

Tue Dec 2 09:39:51 EST 2003

On Mon, 1 Dec 2003, Lee Dilkie wrote:

> Perhaps. But if you run an anti-virus scanner on your inbound mail (I run
> clamav), all 7MB/day would be presumably caught and discarded.

Not necessarily.  There's a window of time between the appearance of a new
virus and the release of new signature databases.  And why should I run
an AV scanner?  I have no use of any .exe, period.

> The network
> load won't improve just because you drop .exe's.

It's more the storage that I care about.  I archive every piece of e-mail,
incoming and outgoing, and my search tools would be much slower if I kept
all the .exes.

> But by only dropping real
> viruses, you're not inconviencing your users or making them jump through
> hoops to get their jobs done.

I am in the enviable position of being The Boss.  So by decree, my
users do not run Windoze.  Anyone who objects is free to either work
from home on his/her own computer (and take responsibility for its
security), or find employment elsewhere. :-)

> Blocking documents is especially bad,
> businesses run on them. Get a scanner that will scan for macro viruses.

I don't block documents.  We (grudgingly) accept Word docs, and open
them with OpenOffice.

> > And once no-one runs Windows, then we won't need to block based on
> > filename extensions.  However, the fact that Windows is ubiquitous
> > basically forces admins to do stupid and unfriendly things like block
> > extensions, pay money for virus-scanners, etc.

> You must be young :)

Nope.  I've been programming since 1982.

> I don't think this is a MS issue at all.

It is, to a large extent.  MS made some fundamentally stupid design
decisions.

> We would be
> dealing with the same issues regardless of which OS we were all using.
> Whatever is the biggest in the marketplace, is also the best target.

This is an oft-repeated myth.  Apache is more widely used than IIS, but
there are more IIS exploits than Apache exploits.

> Yeah, there sure are. But also remember who the enemy is here.

Sure.  The first enemy is the virus writer; no question about that.
The second enemy is Microsoft, which abuses its monopoly position.

> Now, as for the other comments regarding my original email. I certainly
> understand the attitude that you have to lock things down tightly because
> you're personally responsible for every desktop and the internel network in
> general. But you have to understand that people have to get their jobs done.

Actually, my staff get their jobs done just fine.

Regards,

David.