[Mimedefang] Re: Unsafe file types

Lee Dilkie lee at dilkie.com
Wed Dec 3 07:36:16 EST 2003


> The problem is that this isn't practical. Spam/viruses/worms are in fact a
> massive denial-of-service attack, and until a better solution comes along,
> mail filtering is the only way to deal with it. We have already decided to
> inspect private email to determine whether it should be delivered or not. We
> therefore have a responsibility to filter efficiently, with a minimum of
> false positives. ("First, do no harm"). Blocking executable attachments
> meets this requirement; it is efficient, and the false positive rate is low.
> That is the best we can do for now.
>

Blocking executables directly, exe's, bat's, com's, scr's and pif's... Okay, I
can see how that's probably not going to cause much grief. Unless you work
in a code shop, then programmers get impacted when they can't email exe's
around. But who cares about them.

My issue is with blocking documents, doc's for example, because they "might"
contain harmful macros. That's definitely going to impact a lot of people in
some organizations (excluding David's windoze-less sweatshop ;) of course).

It's a tough problem, for sure. No easy answers.

Spam and worms are another matter. They are not legitimate communications so
I don't see how you think I wouldn't want to block those. And one can get a
pretty decent blockage rate with the tools we have (and are developing) with
a low false positive rate. My issue is with blocking all sorts of useful
attachment file extensions. Those have a business impact.

-lee (bullseye painted on back).



