Date: Tue, 4 Dec 2001 22:36:58 -0600 From: Anthony Kim <niceshorts@yahoo.com> To: Alfred Perlstein <bright@mu.org> Cc: Landon Stewart <landons@uniserve.com>, freebsd-security@freebsd.org Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!! Message-ID: <20011205043658.GA33571@boethius.telocity.com> In-Reply-To: <20011204214810.G92148@elvis.mu.org> References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com> <3C0D8959.5080500@uniserve.com> <20011204214810.G92148@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 04, 2001, Alfred Perlstein wrote: > * Landon Stewart <landons@uniserve.com> [011204 20:41] wrote: > > > > > For an idea, Eudora (eudora.com) has a somewhat comprehensive > > list of attachments that generate warnings when someone tries > > to open them. They keep this list updated and make it an > > updatable part of their mail client. > > > > This list would give someone a good start as to what to block > > for extensions. > > Since this is a security list I'm going to repeat myself one > last time. Take a deep breath Alfred. > It's a LOT better to have allow(list)->deny(*) than > deny(list)->allow(*). Ever notice how as the viruses keep > coming they keep mutating the extentions? A deny->allow will > not work to stop those before it is too late. One should > observe similar precautions when doing other such ACLs, take > for instance file permissions, would it make sense to list a > file as: > > deny access to this file from web-dev group allow all others > access. > > or allow access to this file from eng and eng-mgmt deny from > all others. Alfred is correct of course. In most contexts, this is a sound policy. I believe Landon and I crossed contexts however in implying that in business, the dropping of all attachments is typically found to be unacceptable, therefore one hopes to perform due diligence with the next best thing. For my company and companies like mine, deny(list)->allow(*) for mail is an acceptable risk. Surely, I should have made the contextual distinction clearer. So let's end this off topic discussion. -- "Le motd juste." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011205043658.GA33571>