[Mimedefang] When to do Virus checks
Paul Murphy
Paul.Murphy at argentadiscovery.com
Thu Nov 30 11:29:23 EST 2006
> I think you don't need a virus check at all, if you reject
executable
> file attachments. That's what a few years of experience tells me.
Take a virus packaged as an executable file, rename it to README.TXT,
and send it as an attachment to 100 domains with a message which says
"Your e-mail system wouldn't allow me to send you this great video, so
I've renamed it - save it as runme.exe, and give it a go".
How many domains would accept it?
I'd be prepared to wager that 90% plus would allow it through...because
they have configured their virus scanner to only scan potentially
damaging files, and they decide that a file is potentially damaging
based on the user-provided file extension.
Paul.
More information about the MIMEDefang
mailing list