[Full-Disclosure] Re: E-Mail viruses
nick at virus-l.demon.co.uk
Sun Mar 7 06:32:54 GMT 2004
starwars <nobody at tatooine.homelinux.net> to Curt Purdy:
> > Methinks you misunderstand. Only the proprietary extension, i.e. .inc or
> > .xyz or .whatever, would be allowed through, and since virus writers would
> > never use this extension, it would eliminate ALL viruses at the gateway.
> > The nice thing about this approach is that it completely eliminates the need
> > for any anti-virus on the mail server since all virus attachments are
> > automatically dropped without the need for scanning. Quite a simple, yet
> > elegant solution, if I do say so myself.
> Elegant, indeed. Have an MCSE on that.
> I wonder why virus writers didn't think of that yet.
What makes you think they haven't?
Oh -- and why (depending on the OS) do you think it is even necessary
to include the step involving instructions to _rename_ the attachment
to a .EXE extension??
Of course, for folk with _proper_ incoming filetype filters, the
attachment's (suggested) extension in the MIME headers (and its
suggested type in the same) is irrelevant. It has long been known that
Windows file-typing is dependent on way more things than just a file's
extension (though Microsoft is rather reluctant to advertise this fact
or even to explain all the ways that file-typing is achieved -- the
cynics reckon this is because the folk who wrote the mish-mash of code
that passes as an OS actually have no collective idea of how all the
inter-related bit-parts can interact so cannot produce a definitive
list; the less polite explanation questions their collective intellect
and the effect the historical domination of the marketing objective of
"make it work regardless" over any other programming and development
culture (such as "do it well") has had).
Full-Disclosure is hosted and sponsored by Secunia.
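
Added example, not part of the original post: a gateway-side check in Python that compares the extension-only rule proposed in the quoted text with a filter that looks at the decoded attachment bytes and ignores the name and type suggested in the MIME headers. The extension ".inc", the function names and the sample message are assumptions constructed for illustration; the content check recognises only the Windows PE layout, one of many formats a real filter would cover.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_EXT = ".inc"  # hypothetical "proprietary" extension from the quoted proposal

def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extension_filter(filename: str) -> bool:
    """The quoted proposal: pass only attachments carrying the proprietary extension."""
    return filename.lower().endswith(ALLOWED_EXT)

def content_filter(payload: bytes) -> bool:
    """Pass only if the decoded bytes are not an executable, whatever the headers say."""
    return not looks_like_pe(payload)

def inspect(raw: bytes):
    """Return (filename, extension_verdict, content_verdict) for each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        out.append((name, extension_filter(name), content_filter(body)))
    return out

def build_sample() -> bytes:
    """Constructed message: an inert PE-shaped stub and a harmless file, both named *.inc."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("constructed test body")
    for data, name in ((bytes(stub), "update.inc"), (b"plain notes\n", "notes.inc")):
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for row in inspect(build_sample()):
        print(row)
```

Both attachments pass the extension rule; only the content check separates the executable-shaped one from the harmless one.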