[Mimedefang] Latest Worms and IE Exploits
Kris Deugau
kdeugau at webhart.net
Fri Sep 19 13:21:00 EDT 2003
"David F. Skoll" wrote:
> Are there really any good reasons to allow these kinds of attachments
> in? Just curious as to why anyone (who runs Windows) would possibly
> want to allow them in.
.exe for ISP (or any other) tech support sending patches and updates to
customers. :/ No, it's not ideal, but it can be useful. I'd rather
post the file to a website, personally; and send a complete literal
address to the file in the email, but that's not always possible. :(
I can't see any good reason to allow bare .pif or .scr files; .bat
files may be legit (passing a backup script, or some other
DOS-command-line-helper to a friend) but most "real" .bat files will be
short (<1K -> ~3-4K). I've seen a *very* few 10K batch files, but not
many.
In most people's general email, however, there's *very* little reason to
ever send anything executable by email at all.
I discovered yesterday that RAV must have some heuristic AV detection
code in it; it tagged a few messages on the filter server here as
"NewMalware.gen!". clamav didn't trigger on it when I cross-checked to
try to find out what it was.
-kgd
--
<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.
More information about the MIMEDefang
mailing list