[Dshield] The little nightmare is back

Coxe, John B. JOHN.B.COXE at saic.com
Thu Sep 12 20:08:28 GMT 2002


Mark Challender wrote:

"Is there really any good reason to allow the executable extensions through
email?"

=============

In general, people should be blocking the three you stated, plus the windows
scripting host ones and similar (wsh, vbs, vbe, js, ...).

Now, if you are a VBS or JS development shop, that might not be as
practical.  A good work-around is to change the extension with a note to the
recipient to change it back on their desktop or zip it (with password, also
given in the message body, since some antivirus software even unzips
archives and scans).  exe attachments open up a can of worms.  A lot of
productive people distribute their work as self-extracting exes.  It's
harder, for that reason, to filter them by policy in some organizations.

Even if people hide extensions of common filetypes, mail readers like
Outlook will display the "true" filetype's Windows system icon.  Of course,
will they even bother noticing a binary or wsh icon where a text file one
should be?  Last I checked, custom icons cannot override that and there is
no mime header facility for setting an alternate icon.  If this is not true,
I (for one) would be very interested in the details.




More information about the list mailing list