Re: [OT] a patch of MICROSOFT_EXECUTABLE

[Fred <sp...@freddyt.com>]

Lucas Albers wrote:
> As a general security measure your MTA should block the following
> extension types, set as a perl regular expression.
> This includes clsid's.
>
> $bad_exts =
>
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|ht
o|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|s
cr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]
+\})';


This looks like the default list which comes with MIMEDefang, just a word of
caution, some of you might want to remove a few of those, especially:

.MDB  = Access Database - many people really do send these in e-mail.
.INF = Not really sent, but not harmful either.
.INI = same as above.
.HLP = I send people help files often, this is not harmful is it?
.INS = This is awful to block, it's used by ISPs to sign up customers, it's
an Internet Setup File, same as .ISP
.REG = I send these to customers, also people who need help fixing problems
with software I've made.  It's not uncommon for techies to send these files.
.URL = This is sent when you use Internet Explorer, Send -> Link By E-mail
feature, don't want to block those, people send those a lot.

Re: [OT] a patch of MICROSOFT_EXECUTABLE

[Loren Wilton <lw...@earthlink.net>]

> This looks like the default list which comes with MIMEDefang, just a word
of
> caution, some of you might want to remove a few of those, especially:
>
> .INF = Not really sent, but not harmful either.

Well, you can actually run programs and suchlike using an INF file if you
know what you are doing.  Might be able to muck up other things also.  But
I'm pretty sure you couldn't install a virus with it unless the virus also
came in the same email.

        Loren