Chris Tyler <chris @ dejong . com> wrote:
>
>Slava Kritov writes:
>
>> Any uuencode ?
>> Sorry, as a sysadm of 500+ orgs can say, that people sometimes exchange
>> word docs in uuencode, and (for Macs) you can't even say it's a Word doc
>> based on name ...
>
>Right... so? The purpose was to deny all attachments, whether word DOCs or executables. So
>you look for the uuencode signature string and deny.

But by only looking for the signatures of known binary encoding formats
you then open yourself up for people to create their own encoding formats
to get around your scan for, and restriction on, encoded message enclosures.

3 possibilities for getting around a scan for known encoding signatures:

1. rot13 a uuencoded file before e-mailing it. Describe in the message
   how to unrot13 the message before uudecoding it.

2. Use an (admittedly) inefficient format for encoding binary, such as:

       RAVE AFRO STUB DAM HONE HAY
       CLAD WILL JOIN PET LONG WEED
       ...

   The recipient will need a decoder of course.

3. PGP encrypt the entire message before transmitting. How will the
   mail scanner know what is inside the message? Are you going to
   reject all encrypted messages? I think that encrypted messages
   will increasingly become the norm on the Internet as PC based
   mail programs incorporate automatic easy-to-use PGP encryption.

- Morrow
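
Added example, not part of the original message or of any mail filter discussed in the thread: a signature scan for uuencoded enclosures of the kind proposed above, run over a constructed message before and after the rot13 wrapping from item 1, to show exactly what such a scan matches on. The function names, the file name report.doc and the sample payload are assumptions made for the illustration.

```python
import binascii
import codecs
import re

# Header line of a uuencoded enclosure: "begin <octal mode> <filename>".
BEGIN_RE = re.compile(r"begin [0-7]{3,4} \S+")


def uuencode(data: bytes, name: str) -> str:
    """Build a uuencoded enclosure, 45 input bytes per line (sample input only)."""
    lines = [f"begin 644 {name}"]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode("ascii").rstrip("\n"))
    return "\n".join(lines + ["`", "end"])


def data_line_ok(line: str) -> bool:
    """True if the line has the shape of a uuencoded data line."""
    if not line or not all(" " <= c <= "`" for c in line):
        return False
    n = (ord(line[0]) - 32) & 0x3F      # first character carries the byte count
    expected = (n + 2) // 3 * 4         # 4 output characters per 3 input bytes
    # Trailing spaces may be stripped in transit, so accept a shorter body.
    return 1 <= n <= 45 and len(line) - 1 <= expected


def has_uuencode(message: str) -> bool:
    """Signature scan: a begin line followed directly by a valid data line."""
    lines = message.splitlines()
    return any(BEGIN_RE.match(a) and data_line_ok(b) for a, b in zip(lines, lines[1:]))


def rot13(message: str) -> str:
    """rot13 is its own inverse, so this both wraps and unwraps."""
    return codecs.encode(message, "rot_13")


# Constructed sample: 512 bytes standing in for a binary attachment.
PLAIN = "Here is the file.\n\n" + uuencode(bytes(range(256)) * 2, "report.doc") + "\n"
WRAPPED = rot13(PLAIN)

if __name__ == "__main__":
    print("plain uuencode flagged:", has_uuencode(PLAIN))
    print("rot13 wrapped flagged: ", has_uuencode(WRAPPED))
    print("after unrot13 flagged: ", has_uuencode(rot13(WRAPPED)))
```

The scan keys on the literal "begin" header and the length-prefixed line shape, both of which rot13 rewrites, so the wrapped copy passes until the recipient reverses it.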