mailing list archives
Re: Re: E-Mail viruses
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 07 Mar 2004 19:32:54 +1300
starwars <nobody () tatooine homelinux net> to Curt Purdy:
Methinks you misunderstand. Only the proprietary extension, i.e. .inc or
.xyz or .whatever, would be allowed through, and since virus writers would
never use this extension, it would eliminate ALL viruses at the gateway.
The nice thing about this approach is that it completely eliminates the need
for any anti-virus on the mail server since all virus attachments are
automatically dropped without the need for scanning. Quite a simple, yet
elegant solution, if I do say so myself.
Elegant, indeed. Have an MCSE on that.
I wonder why virus writers didn't think of that yet.
What makes you think they haven't?
Oh -- and why (depending on the OS) do you think it is even necessary
to include the step involving instructions to _rename_ the attachment
to a .EXE extension??
Of course, for folk with _proper_ incoming filetype filters, the
attachment's (suggested) extension in the MIME headers (and its
suggested type in the same) is irrelevant. It has long been known that
Windows file-typing is dependent on way more things than just a file's
extension (though Microsoft is rather reluctant to advertise this fact
or even to explain all the ways that file-typing is achieved -- the
cynics reckon this is because the folk who wrote the mish-mash of code
that passes as an OS actually have no collective idea of how all the
inter-related bit-parts can inetrract so cannot produce a definitive
list; the less polite explanation questions their collective intellect
and the effect the historical domination of the marketing objective of
"make it work regardless" over any other programming and development
culture (such as "do it well") has had).
Full-Disclosure - We believe in it.