Firewall Wizards mailing list archives
Re: Re: Anybody Recognize These Uploads?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 5 Jan 2003 12:38:17 -0500 (EST)
On Sun, 5 Jan 2003, Christopher Hicks wrote:
Not really, most of the common executable types can be filtered without worrying about signatures. If you're allowing unzipped executables in, you probably need your head examined at this point in time for anything that's not a pure Linux shop, and even then, wine's getting a bit too good... If you're allowing .[something] and .[somethingelse], well...True enough. We have been using MailScanner ( www.mailscanner.info ) for virus checking and spam checking, but it filters on configurable extensions as well. It comes with a reasonable set of defaults that includes the above. I can see that most would differentiate virus checking and extention filtering, but for me they all came in the same ball of wax.
Interestingly, one site has bounced this thread based on the occurance of .[somethingelse] in the text. The biggest problem I have with content filters is that they really need to be smarter, or there needs to be more care in their setup. If there was a new way to sneak .[somethingelse] through a filter, at least one company wouldn't ever get notifified of it. I really prefer the "quarentine and let the user come get it" approach for keyword filtering- with an admin option to make the quarentine off-limits based on a high percentage of quarentines over time, or other criteria. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Re: Anybody Recognize These Uploads?, (continued)
- Re: Re: Anybody Recognize These Uploads? Marcus J. Ranum (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Marcus J. Ranum (Jan 03)
- Re: Re: Anybody Recognize These Uploads? R. DuFresne (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Gwendolynn ferch Elydyr (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Josh Welch (Jan 04)
- Re: Re: Anybody Recognize These Uploads? R. DuFresne (Jan 04)
- Re: Re: Anybody Recognize These Uploads? Christopher Hicks (Jan 04)
- Re: Re: Anybody Recognize These Uploads? Paul D. Robertson (Jan 04)
- Re: Re: Anybody Recognize These Uploads? Christopher Hicks (Jan 05)
- Re: Re: Anybody Recognize These Uploads? Paul D. Robertson (Jan 05)
- Re: Re: Anybody Recognize These Uploads? Christopher Hicks (Jan 05)
- Re: Re: Anybody Recognize These Uploads? Paul D. Robertson (Jan 05)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Marcus J. Ranum (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Gary Flynn (Jan 05)
- Message not available
- Re: Re: Anybody Recognize These Uploads? Marcus J. Ranum (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Mike Hoskins (Jan 03)
- Re: Re: Anybody Recognize These Uploads? David Lang (Jan 03)
- Re: Re: Anybody Recognize These Uploads? Gary Flynn (Jan 03)