Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: E-Mail viruses
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 07 Mar 2004 19:32:54 +1300

starwars <nobody () tatooine homelinux net> to Curt Purdy:

Methinks you misunderstand.  Only the proprietary extension, i.e. .inc or
.xyz or .whatever, would be allowed through, and since virus writers would
never use this extension, it would eliminate ALL viruses at the gateway.
The nice thing about this approach is that it completely eliminates the need
for any anti-virus on the mail server since all virus attachments are
automatically dropped without the need for scanning.  Quite a simple, yet
elegant solution, if I do say so myself.

Elegant, indeed. Have an MCSE on that.
I wonder why virus writers didn't think of that yet.

What makes you think they haven't?

Oh -- and why (depending on the OS) do you think it is even necessary 
to include the step involving instructions to _rename_ the attachment 
to a .EXE extension??


Of course, for folk with _proper_ incoming filetype filters, the 
attachment's (suggested) extension in the MIME headers (and its 
suggested type in the same) is irrelevant.  It has long been known that 
Windows file-typing is dependent on way more things than just a file's 
extension (though Microsoft is rather reluctant to advertise this fact 
or even to explain all the ways that file-typing is achieved -- the 
cynics reckon this is because the folk who wrote the mish-mash of code 
that passes as an OS actually have no collective idea of how all the 
inter-related bit-parts can inetrract so cannot produce a definitive 
list; the less polite explanation questions their collective intellect 
and the effect the historical domination of the marketing objective of 
"make it work regardless" over any other programming and development 
culture (such as "do it well") has had).


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]