GrayHat wrote:
> well; I don't think that stripping attachments is a job for
> ASSP, all in all such a feature has nothing to do with junk
> email filtering :)

Just to add my 2 cents worth. I disagree. I use attachment stripping in my environment. My firewall currently does it by way of proxy. It strips the attachment and then adds an explanation file in place of the attachment. I "only" use this functionality to strip executable attachments (meaning anything that can be executed as a program). "Knock on Wood", but I have not had a single virus/malware get into my network through email with this approach (except that it was inside a .zip file and the AV didn't have signatures to detect it). But I temporarily quarantine archive files in another program before letting them go to the end user just to make sure (you know "Big Brother" and all). I also temporarily quarantine any emails that have had their attachments stripped (a majority of them are from people we work with that don't know any better). Our environment is small enough that it is easily manageable.

> it's more something which should be done
> at the MTA level; and there already are programs which allow
> you to do so, for Exchange there is
> http://www.madsolutions.com/ES/Main.htm which allows to strip
> off the attachments and replace them with an URL or an SMB
> path for other mailserver you may use scripts or the like

It's really nice and all, but that can turn into a pretty expensive solution. It's also more of an Email Archival type of a program.

> On the other hand, attachment *blocking* imVHo is good to
> have and isn't "something from the past" :) consider that
> recent malware mutates quickly, so an AV may not be able to
> detect a new variant of a given worm; this in turn means that
> blocking "executable" mail attachments (especially if coming
> from "the outside") isn't a bad idea at all

Is there a perfect medium? I think that both capabilities are feasible in ASSP. Does everyone run ASSP with the same configuration? I highly doubt it.
Case in point, then why should you force everyone to use just "blocking" or just "stripping" when you can have both functionalities and let people choose (I prefer stripping, but that's just me)? If my firewall can do it using an SMTP proxy, why can't ASSP (which is also a proxy)?

Just saw your latest email Fritz, that you've included it in 2.0. That's Great!

Kind Regards,
Brett
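
The strip-and-replace workflow described in the message above, as an added example that is not part of the original post and is not ASSP's or any firewall's code: executable attachments are replaced by an explanation file, and stripped mail or mail carrying archives is flagged for quarantine. The extension lists, function names and sample addresses are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists; the post only says "anything that can be executed as a program".
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".tar", ".gz"}

def ext_of(filename):
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    return os.path.splitext(filename.rstrip(". "))[1].lower()

def strip_executables(raw):
    """Return (rewritten_bytes, stripped_names, quarantine_flag)."""
    msg = message_from_bytes(raw, policy=policy.default)
    stripped, quarantine = [], False
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        if ext_of(name) in EXECUTABLE_EXTS:
            stripped.append(name)
            # set_content() clears the old payload and Content-* headers first,
            # so the explanation file takes the attachment's place in the tree.
            part.set_content(
                f"The attachment {name!r} was removed by mail policy.\n",
                disposition="attachment", filename=name + ".removed.txt")
            quarantine = True   # stripped mail is held for review
        elif ext_of(name) in ARCHIVE_EXTS:
            quarantine = True   # archives are held, not stripped
    return msg.as_bytes(), stripped, quarantine

def attachment_names(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def build_sample(filenames):
    """Constructed message with a text body and dummy attachments."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    for fn in filenames:
        m.add_attachment(b"constructed dummy bytes", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    out, names, hold = strip_executables(build_sample(["invoice.pdf.exe", "report.pdf"]))
    print(names, hold, attachment_names(out))
```

Matching on the declared filename only catches what the sender admits to; the archive branch sets the quarantine flag instead of stripping because, as the message notes, a .zip can carry an executable the AV has no signature for.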
