Joe Maimon wrote:

> I may be in the minority here but I strenuously object to the "banned
> extensions" methodology. Especially when implementing outside of the SMTP
> layer.

> For a service provider it's a hassle for their customers. An internal 
> corp. may be able to inflict such abuse on its users, but not an SP.


 Thought I would change this to a new thread to stop the thread purists
becoming annoyed ;)

 Must admit, I couldn't agree more on that part. I do, however, block
quite a few attachment types. When was the last time you saw a valid .scr
or .pif in an email :)

 As Stephen Gran mentioned in his reply, greylisting is also very
effective at dissuading the one shot wonder attempts, as they tend to try
once or change the sender address each time, thereby never gaining a valid
triplet, and it only causes a slight delay in mail delivery times.

 That is the point, however, that I am trying to make. There are a
shedload of solutions that can whittle down the amount of virii that
ever reach the filtering/scanning stage of an email system, and once the
remaining few, (few in relative terms), reach the filtering scripts, you
can whittle them down, by various methods, to an even smaller proportion,
before they ever need to be virus scanned. A cascade of various options,
applied in the correct sequence, can make a fairly good barrier to the
virus ingress. Virii evolve, and are created more quickly, and in more
variation, than exploits or workarounds are found for existing software
and access enforcement methods.
 Thereby, filtering on the variables that change at a slower rate of pace,
whether it be by greylisting, extension type, or software vulnerabilities,
will generate a larger blockage rate than allowing the virii to get to a
line of defence which has to be kept constantly up to date to catch the
rapidly evolving nature of the problem.

 Blocking on the constants first, then variations, and then morphs last,
will yield a greater blockage rate.


Matt


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
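
The cascade described in the message above (greylisting on the triplet, then banned extensions, then the virus scanner), as an added example that is not part of the original post. The delay value, addresses and sample traffic are constructed assumptions, and the scanner hand-off is only counted, not performed.

```python
import os

GREYLIST_DELAY = 300                   # seconds a new triplet must wait (assumed value)
BANNED_EXTENSIONS = {".scr", ".pif"}   # the two attachment types named in the post

class Cascade:
    """Cheap, slow-changing checks first; only survivors reach the scanner."""

    def __init__(self):
        self.first_seen = {}   # (client_ip, sender, recipient) -> time of first attempt
        self.counts = {"greylist-defer": 0, "extension-reject": 0, "to-scanner": 0}

    def greylisted(self, triplet, now):
        # Unknown triplet: record it and defer (SMTP 4xx). A real MTA retries later;
        # a sender that changes its address every attempt never matures a triplet.
        first = self.first_seen.setdefault(triplet, now)
        return now - first < GREYLIST_DELAY

    def banned_attachment(self, filenames):
        # Only the final extension counts, case-insensitively ("Photo.jpg.PIF" matches).
        return any(os.path.splitext(f.strip().lower())[1] in BANNED_EXTENSIONS
                   for f in filenames)

    def handle(self, now, client_ip, sender, recipient, filenames):
        if self.greylisted((client_ip, sender, recipient), now):
            verdict = "greylist-defer"
        elif self.banned_attachment(filenames):
            verdict = "extension-reject"
        else:
            verdict = "to-scanner"     # the virus scanner would be invoked here
        self.counts[verdict] += 1
        return verdict

# Constructed sample traffic: (time, client_ip, sender, recipient, attachments)
SAMPLE = [
    (0,   "192.0.2.10",   "a1@spam.example",   "bob@example.org", ["card.scr"]),
    (5,   "192.0.2.10",   "a2@spam.example",   "bob@example.org", ["card.scr"]),
    (10,  "198.51.100.7", "alice@example.net", "bob@example.org", ["report.pdf"]),
    (20,  "203.0.113.5",  "eve@example.com",   "bob@example.org", ["Photo.jpg.PIF"]),
    (400, "198.51.100.7", "alice@example.net", "bob@example.org", ["report.pdf"]),     # retry
    (500, "203.0.113.5",  "eve@example.com",   "bob@example.org", ["Photo.jpg.PIF"]),  # retry
]

def run(sample=SAMPLE):
    cascade = Cascade()
    verdicts = [cascade.handle(*msg) for msg in sample]
    return verdicts, cascade.counts

if __name__ == "__main__":
    print(run())
```

Of the six constructed delivery attempts, only one reaches the scanner stage; the rest are stopped by the two checks that change slowly.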
