Full Disclosure mailing list archives
RE: [inbox] Re: Re: E-Mail viruses
From: psz () maths usyd edu au (Paul Szabo)
Date: Sat, 6 Mar 2004 08:18:27 +1100 (EST)
Curt Purdy <purdy () tecman com> wrote:
An alternative is to allow only a proprietary extension through, like .inc. Legitimate senders would rename the file, be it .exe .doc .jpg, indicate in the body of the message what the true extension is, and the receiver merely renames it.Only the proprietary extension, i.e. .inc or .xyz or .whatever, would be allowed through, and since virus writers would never use this extension, it would eliminate ALL viruses at the gateway. The nice thing about this approach is that it completely eliminates the need for any anti-virus on the mail server since all virus attachments are automatically dropped without the need for scanning. Quite a simple, yet elegant solution, if I do say so myself.
Yes, it eliminates a large class of viruses. But, it would not do anything to "local" attacks (a virus modified specifically to handle your particular setup; and if it becomes widely used then "real" viruses will also do the same). Also it does nothing to viruses that do not use attachments: attacks on a "Subject:" buffer overflow, or a virus delivery via the web with a link or "Content-type: message/external-body". Also you might miss some attachments: "uuencoded block"s, or those within incomplete "Content-type: message/partial" bits. Within those limitations, it is a great idea to keep an organization free from "common" attacks. Cheers, Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: Re: E-Mail viruses bart2k (Mar 05)
- Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- <Possible follow-ups>
- RE: [inbox] Re: Re: E-Mail viruses Paul Szabo (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Hunter, Laura E. (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses MacDougall, Shane (Mar 05)