> > Dennis Peterson wrote: > > Probably not what you're looking for, but I've added your domain to my > > list of blocked domains because you present yourself as someone who > > doesn't understand the importance of this process, nor the nature of > > infected payloads, regardless of the wrapping they come in. Password > > protected archives are a common way to distribute viruses. > > Care to offer anything more constructive than just hostility? Why don't > you tell us what you would recommend? > > If a customer wants to send and/or receive any file that is on the > banned list, how would you handle it?
What is the purpose of a "banned" list if everything on the list is not banned? Attachments on my banned list are banned, period. Attachments not banned are scanned with two different scanning tools, one of which is ClamAV. This is still not a perfect world and you can't get to a perfect world with SMTP but it's probably good enough. You either take from your banned list those dangerous file types you mentioned (and which will cause you to remain in my blacklist), or you ban them and educate your user base. If you set up a file exchange server to allow uploads of these types of files, all you've done is provide a back door for dangerous files which could, if infected, impact systems outside yours. This could be considered irresponsible behavior. Renaming files won't work as file names have no significance in virus and dangerous file detection. You could run them through a reverser where the first byte becomes the last byte, and then undo that at the recipient end, or pass them through crypt to create a wholly obfuscated file. The encrypted files' name could be the password for reversing the encryption. Ok, so now you have a way to exchange dangerous files. Why bother with AV then? dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
