Firewall Wizards mailing list archives
Re: Re: Anybody Recognize These Uploads?
From: Christopher Hicks <chicks () chicks net>
Date: Sun, 5 Jan 2003 13:01:58 -0500 (EST)
On Sun, 5 Jan 2003, Paul D. Robertson wrote:
> On Sun, 5 Jan 2003, Christopher Hicks wrote:
>
> Not really, most of the common executable types can be filtered without worrying about signatures. If you're allowing unzipped executables in, you probably need your head examined at this point in time for anything that's not a pure Linux shop, and even then, wine's getting a bit too good... If you're allowing .[something] and .[somethingelse], well...
>
> True enough. We have been using MailScanner ( www.mailscanner.info ) for virus checking and spam checking, but it filters on configurable extensions as well. It comes with a reasonable set of defaults that includes the above. I can see that most would differentiate virus checking and extension filtering, but for me they all came in the same ball of wax.
>
> Interestingly, one site has bounced this thread based on the occurrence of .[somethingelse] in the text. The biggest problem I have with content filters is that they really need to be smarter, or there needs to be more care in their setup. If there was a new way to sneak .[somethingelse] through a filter, at least one company wouldn't ever get notified of it. I really prefer the "quarantine and let the user come get it" approach for keyword filtering - with an admin option to make the quarantine off-limits based on a high percentage of quarantines over time, or other criteria.
That's why I don't filter! I know this is turning into a MailScanner advert, but this hits the big reason we went with it initially. It tags spam and lets the user decide whether to delete it or not. It can be configured to bounce spam, but given the diverse population my servers provide mail service for that'd be a nightmare. I do let it filter out the viruses and dangerous attachments into a quarantine by default, but content-filtering is only done to advise the end user. If the user wants to delete the mails that have {Spam?} in the subject or look at the SpamAssassin score (which we provided in the headers) to decide if it's high enough to put in their own personal quarantine, that's fine. We've had to whitelist various sources of content that SpamAssassin thought sounded like spam and we've had to let a few users get dangerous attachments, but otherwise it's taken care of itself. Happily, letting people have the option of deleting the spam with their own filters has left me with very few who are still on dial-up that ask me to delete it for them. Those folks have to sign a liability waiver before I will though. :)

--
</chris>

I would not, could not SAVE ON PHONE,
I would not, could not BUY YOUR LOAN,
I would not, could not MAKE MONEY FAST,    (by
I would not, could not SEND NO CA$H,        Matthew
I would not, could not SEE YOUR SITE,       Kennel)
I would not, could not EAT VEG-I-MITE,
I do *not* *like* GREEN CARDS AND SPAM!
Mad-I-Am!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
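The policy discussed in this message, as an added Python sketch that is not from the thread and is not MailScanner's code: attachments are quarantined by filename extension, spam is only tagged in the subject, and body text is never matched, so a message that merely mentions an extension is delivered. The names `classify` and `build_sample`, the extension list, and the 5.0 threshold are assumptions made for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy for this example only: not MailScanner's defaults and not
# the extensions elided in the thread.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif"}
SPAM_TAG = "{Spam?}"  # subject tag mentioned in the post


def classify(raw: bytes, spam_score: float, threshold: float = 5.0):
    """Return (action, subject) for one raw message.

    action is "quarantine" when an attachment filename ends in a blocked
    extension, otherwise "deliver". Only filenames are inspected, never
    the body, so discussing an extension does not trip the filter.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Normalise case and the trailing dots/spaces that Windows ignores,
        # then test the final extension ("Invoice.pdf.EXE" -> ".exe").
        ext = PurePosixPath(name.rstrip(". ")).suffix.lower()
        if ext in BLOCKED_EXTENSIONS:
            return "quarantine", subject
    # Spam is advisory: tag the subject and let the user's own filter decide.
    if spam_score >= threshold and not subject.startswith(SPAM_TAG):
        subject = f"{SPAM_TAG} {subject}"
    return "deliver", subject


def build_sample(subject, body, attachment_name=None) -> bytes:
    """Build a constructed sample message (test data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```
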