Sure it's easy when you block by rep_mime_type application/octet-stream

Then you're not blocking by a file extension. I would never think of "blocking" 
by file extension. Too many ways around it. We've seen programs that will take 
an executable and convert to either an html file or a php. The aforementioned 
method blocks these and many other executable methods.

Try it, you'll like it.

Thomas J. Raef
e-Based Security, LLC
"You're either hardened, or you're hacked!"

> -----Original Message-----
> From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 25, 2007 1:12 PM
> To: Thomas Raef; Squid Users
> Subject: Re: [squid-users] Re: block spyware with squid
>     Once i tried that and had LOTS of false-positives with Windows CGI
> based applications, just like:
>  ....
>     myscript.exe is not a downloadable file, it's a script that will be
> executed and return HTML code to the browser.
>     And there's all those URLs that will reply with a executable
> download but has no .exe on the URL ...
>     It's a simple idea, but not as easy to implement as it seems.
> Thomas Raef escreveu:
> > Why not block all executables except from a list of whitelisted sites?
> >
> > Allow,,,...
> >
> > That negates the need for signature based detection.
> >
> --
>       Atenciosamente / Sincerily,
>       Leonardo Rodrigues
>       Solutti Tecnologia
>       Minha armadilha de SPAM, NÃO mandem email
>       My SPAMTRAP, do not email it

Reply via email to