I don't think opening up a live FTP server on a network is a good security trade-off for allowing *.exe files through the URLScan filter. In my opinion, opening up the FTP server poses more of a security risk. And since many people customize their Citrix apps before deploying them to clients and/or employees, going directly to Citrix for the download doesn't always work either.
Perhaps a better solution would be to ZIP the Citrix Client but not make it self-extracting, so that it has the *.zip extension instead of *.exe. Then you could allow *.zip to pass through the URLScan filter while still blocking executables. Thoughts? Jon Bonner -----Original Message----- From: dumbwabbit [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 11:13 AM To: Bonner, Jon; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: URLScan Hmm, I would NOT recommend opening up the .exe extension. Rather, you may want to consider redirecting them to an FTP site, either your own, or the Citrix download location (if there is one, sorry I don't know, never used this client). Baaaaaad security risk to allow .exe just my .000002
