[Clamav-users] Re: Compression limit ..... Much too low for me :(

Sun, 29 Aug 2004 21:24:04 -0700

Have you considered auto-converting the .bmp to a .jpg, and remiming the message? Also, stripping the image and putting it into a temporary web link(expires and deletes say after 12 hours)?

Both might be options to use on your users.... I have many similar things I've had to do to keep security high and resources low.

Lionel Bouton writes:

Jason Haar wrote the following on 08/29/2004 11:26 AM :

On Wed, Aug 25, 2004 at 07:42:24AM -0400, Jim Maul wrote:


webmasters using BMPs?? I'd leave it at 200, tell him to use jpgs or pngs and



That's a very rough response... I mean - I agree with you - but people will
be people.

I personally think that compression option should be classified the same way
as the "encrypted zip file" option: disabled by default, and should have
more of a description as to why and how you should set it.



Disabling it would probably cause problems on high traffic mail servers if mail bombs come their way... You need disk space to decompress these files and CPU time to decompress and scan.

I disabled it as we had too many people who seem to be sending large BMP
files around: instead of the naive, non-IT end-user trying to find some TOOL
to convert their BMP to a JPG, they did the next smart thing and put it into
a ZIP file - thus getting the great compression they were after before
e-mailing it off. (I haven't had time to figure out what ratio would be high
enough to allow all such files in, so have disabled instead of setting it
higher - which I would actually prefer)

To blame users for such an action is a bit extreme...

Not everyone is a Linux user or a Windows programmer/designer - like we are
;-)





No, but if you tell them BMP is bad (with some explanations like : they reduce the network performance, can be blocked by the destination mail server anyway, need more powerfull computers to process -> money not going into their salary in the end...), block high ratio zips and make sure they all have the software to make GIF/PNG and have a web page on a "knowledge base" web server showing how to save the files in these formats with some screen caps, they will learn.

If you don't educate your users you'll end up with more and more problems to solve (regular virus cleaning, server load going through the roof, having to pay for big pipes and expensive servers to cope with their monstruous files and belief that SMTP is a file distribution protocol, ...).

Regards,

Attachment: pgpNodsK6Cs7E.pgp
Description: PGP signature

Reply via email to