[Mimedefang] Re: Unsafe file types

[Lucas Albers]

Depends on your current situation.
I can't block office extensions, and I realize I have a window of
vulnerability if a a new office virus comes out.
I block a huge number of other attachments, and have had 100,000's of mail
messages go through, and never had a single complaint.
$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';

I also strip out html to protect against activex/html exploits, and strip
out web bugs so spammers don't know if anyone has seen their spam.

I thought I would get complaints with stripping html, but I have been
stripping html since july and no one has complained.

I also block the maximum level of mimeparts:
$MaxMIMEParts = 15;

Because virus scanners can't seem to scan attachments that have to many
mimeparts.

--Luke

> My issue is with blocking documents, doc's for example, because they
> "might"
> contain harmful macros. That's definately going to impact a lot of people
> in
> some organizations (excluding David's windoze-less sweatshop ;) of
> course).
>
> It's a tough problem, for sure. No easy answers.
>
> Spam and worms are another matter. They are not legimitate communications
> so
> I don't see how you think I wouldn't want to block those. And one can get
> a
> pretty decent blockage rate with the tools we have (and are developing)
> with
> a low false positive rate. My issue is with blocking all sorts of useful
> attachment file extensions. Those have a business impact.
>
> -lee (bulleye painted on back).
>
>
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>