Ray said: > On Tuesday 23 September 2003 15:12, Jacob Anawalt wrote: >> Jeronimo Pellegrini said: >> > On Tue, Sep 23, 2003 at 01:16:38PM -0600, Jacob Anawalt wrote: >> >> [snip] >> The latest churn on debian-user about Spam hasn't been UCE spam. >> It's been worm spam. I don't know anyone personally who likes to >> recieve WORM/Virus code in their inbox but it persists. I don't see >> a near-term solution for convincing the individuals who write this >> code. > > <rant> > > it seems to me the easiest solution would be for ISPs to have a > policy and software that supported the policy of no .exe .com .src > .pif .bat (etc...) attachments. any email will either be dropped or > have the attachment dropped and replaced with a short explination of > it being against policy and how to make a zip/gz/tar/whatever file if > they really want to send a .exe > > since most viruses now use bad mime headers for the attachment, we > won't be able to filter on that. i talked with my isp about it, but > for some reason one customer regularly sends a .exe and since they > don't want to make a policy change that would affect their customers > business we don't get to enable that feature on our email server. > > the downside of course will be that virus writers will then attach > .zips and use the normal social hacking they do now to get people to > open the attachment anyway. > > perhaps if someone wrote the "don't f*&$ open me"[1] virus and had it > go through a little tutorial about why not to open unknow attachments > have message go something like "I was foolish enough to open the > attachment, and since you are at risk of getting a message from me > with a virus, this attachment has forwarded itsself to you" > > [1] http://msn.bbspot.com/News/2002/01/open.html > > </rant> >
I am OK with that policy. The servers I maintain reject email with a windows executable attachment fingerprint with a message suggesting the sender zip the file. My workplace has had no issues with this policy. If more ISP's did this and blocked outgoing smtp that didn't relay through their servers that happened to scan inbound and outbound mail for viruses, maybe we'd be better off in the virus/worm scene. Maybe we'd all be happier, or maybe we'd have more frustration because what use to work doesn't. I think if you delete the attachment from the email you had better include some verbose explination that shows up in the html and text versions or change the subject. It's hard enough knowing if the other person forgot to attach the file or not without adding a reason to suspect your own mail server. Others hate the policy and will tell you horror stories of getting zip installed and talking people through zipping a file. Later viruses may send zipped copies and we have the same problem again, except that hopefully it's less data because it's zipped. Also, restrictions like no outgoing SMTP can be bad for people who run well managed SMTP services in an ISP's network. While waiting for your simpler solution to be enacted across every computer on the internet, I'll keep looking for some interim solution. :) -- Jacob Trying out SquirrelMail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
