[rescue] Re: NetApps
vraptor at promessage.com
Fri Apr 9 08:08:23 CDT 2004
Phil Stracchino wrote:
> On Thu, Apr 08, 2004 at 10:17:36AM -0400, Kevin wrote:
>>I do not allow any *.zip files through our mail servers and i'm
>>able to keep my job just fine. Please enlighten me with your
>>proposed solution to the problem?
> I think the issue here is, "We're worried about viruses and trojans, but
> we're not going to bother actually SCANNING attachments, we're just
> going to block anything that has a .zip extension without bothering to
> check whether the filetype actually matches the extension or not, so if
> you want to trivially defeat our pathetic excuse for a security measure,
> just rename your .zip file to .scr or something."
Exactly. If you aren't really checking the file type, then
what's the point? And, since the mail systems are running on
Windows OSes *anyway*, it seems kind of trivial to scan the
attachments instead of just blocking all of them.
Not to mention *telling* everybody how to get around their
"system". A new meeting excuse I've been hearing about not
getting work done/providing information: "The document got
corrupted when I sent it from home to work, because I didn't know
I had a virus on my home computer."
*shakes head sadly*
This was from one of the project managers on a web-hosting
project for the gov't.
More information about the rescue