On 03/05/2018 08:00 AM, RW wrote:
On Sat, 3 Mar 2018 21:21:49 -0500
Alex wrote:
Hi,
I'm curious what people use to avoid malware executable being bypassed
because their extensions are typically associated with file types that
are not normally executable?
https://twitter.com/jepayneMSFT/status/969742842410094593
Hiding an executable with a .jpg extension doesn't sound like a very
useful technique. The user would have to save the file, edit the file
name and then run it.
I use MailScanner and can't speak for other SA-wrappers. MailScanner
checks file attachments even inside archives to find the true file type
-- not just blindly accepting the file extension. It blocks executables
that have been renamed and other odd-named files with double extensions
that try to trick the user into opening them.
--
David Jones
