RE: Restrict certain file types on a Windows 2000 share

["Murda Mcloud" <murdamcloud () bigpond com>]

You could also check out sorter
http://www.sleuthkit.org/sleuthkit/man/sorter.html
Also there is a tool called foremost that can ident files by looking at the
headers etc inside the file so maybe that could somehow used. It is
primarily used for recovery but I don't know whether it could have some
application.
http://foremost.sourceforge.net/

I don't know if there is an equivalent windows tool for doing this kind of
thing. Would be great if there was.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Ansgar -59cobalt- Wiechers
Sent: Monday, September 10, 2007 11:21 PM
To: security-basics () securityfocus com
Subject: Re: Restrict certain file types on a Windows 2000 share

On 2007-09-06 Mary Hendrix wrote:
> Second, I was wondering if there is a way to prevent users from
> storing mp3 or other file types on a shared disc that is supposed to
> be used only to store .doc, .xls and so.

No. A file's name is not related to it's content, and a file's content
is not inspected when it's stored on a share. Thus an MP3 could actually
be given a name like my_new_mp3.xls to bypass name restricitions.

What you can do is set up a policy that prohibits storing certain file
types, and then periodically run a script that checks the actual type of
files stored on the shares (with something like the Unix "file" command)
and deletes files that violate the policy.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq