[rescue] Re: NetApps

Phil Stracchino alaric at caerllewys.net
Thu Apr 8 10:39:41 CDT 2004

On Thu, Apr 08, 2004 at 10:17:36AM -0400, Kevin wrote:
> I do not allow any *.zip files through our mail servers and i'm
> able to keep my job just fine.  Please enlighten me with your
> proposed solution to the problem?

I think the issue here is, "We're worried about viruses and trojans, but
we're not going to bother actually SCANNING attachments, we're just
going to block anything that has a .zip extension without bothering to
check whether the filetype actually matches the extension or not, so if
you want to trivially defeat our pathetic excuse for a security measure,
just rename your .zip file to .scr or something."

 .*********  Fight Back!  It may not be just YOUR life at risk.  *********.
 : phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
 :  alaric at caerllewys.net|phil-stracchino at earthlink.net|phil at novylen.net  :
 :   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)   :
 :    Linux Now!   ...Because friends don't let friends use Microsoft.    :

More information about the rescue mailing list