FQ builtin filter - exec content


jmihawkins
03-24-2008, 02:09 PM
I use the Built-In email filter 'Executable Content', set to delete (which sounds reasonable to me... )
"For messages with attachments containing an executable Window's signature in MIME encoded data."
But what does the description actually mean, i.e., what kinds of files might these reasonably and unreasonably be?

Bruce
03-25-2008, 05:01 PM
This filter matches messages containing base64 encoded sections (that is, attachments) that start with content that identifies the binary data as an executable DOS or Windows file. There are several signatures used which will identify all such executables known when the filter was written. If you find a program which bypasses the filter, please let us know and we will adjust the test accordingly.

jmihawkins
03-25-2008, 09:16 PM
Bruce, that was so far over my head I get dizzy looking up!

I've enabled this filter to 'delete' - seemed reasonable based on the description. But, am I also killing 'legitimate' emails?

sheila
03-25-2008, 09:49 PM
Jim,

What Bruce is basically saying, is any attachment that appears to our server to be a Windows executable file will be affected by that filter.

We wouldn't really be able to say whether you're killing "legitimate" messages. Do you expect to receive Windows executable files via email attachment?

sheila
03-25-2008, 10:10 PM
Oh, as a follow-up to my previous post...
As I noted, it is a situation where the filter affects what appears to be a Windows executable file attachment. It's possible for the server to make errors either way, although they are rare. The main reason for using a filter of this type is to prevent trojans and viruses from getting into your email program and infecting your local computer.

jmihawkins
03-26-2008, 10:37 AM
As I think I understand the above, the filter does much the same as the 'executable attachments' filter (exe, pif, scr, etc), except against these types of files actually embedded in the email content? Which is fine with me.
Michael

Bruce
03-27-2008, 03:02 PM
The executable attachment filter matches based on the extension on the given filename. So, it matches any attached file named something.exe or something.com etc. The executable content filter matches based on the actual content of the attachment itself, no matter what the filename is. The filename matching will miss executable files with modified filenames, while the content filter will miss scripts and other executable content that don't have predictable content. As such they are complementary for those who want full coverage.
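
Added example, not part of the thread and not the mail service's own filter code: a Python sketch of the two checks described in the last post, run over a constructed message so the gap in each one is visible. The extension list is taken from the names mentioned in the thread, and the single `MZ` header check is an assumption standing in for the "several signatures" the real filter uses, which the thread does not list.

```python
from email import message_from_string
from email.message import EmailMessage

# Extensions named in the thread; the service's full list is not given there.
EXEC_EXTENSIONS = (".exe", ".com", ".pif", ".scr")
# Assumption: one signature only, the "MZ" bytes that open DOS/Windows executables.
MZ_MAGIC = b"MZ"

def classify(part):
    """Return (matches_extension, matches_content) for one MIME part."""
    name = (part.get_filename() or "").lower()
    by_name = name.endswith(EXEC_EXTENSIONS)
    # decode=True undoes the base64 transfer encoding before inspection.
    payload = part.get_payload(decode=True) or b""
    by_content = payload.startswith(MZ_MAGIC)
    return by_name, by_content

def scan(raw_message):
    """Map each attachment filename to its (extension, content) verdict."""
    msg = message_from_string(raw_message)
    return {
        part.get_filename(): classify(part)
        for part in msg.walk()
        if part.get_filename()
    }

def build_sample():
    """Constructed sample message; the attachments are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    header_only = b"MZ\x90\x00" + b"\x00" * 60  # header bytes, not a program
    samples = [
        ("invoice.pdf", header_only),              # executable header, other name
        ("notes.exe", b"plain text"),              # executable name, other content
        ("macro.vbs", b'WScript.Echo("hi")\r\n'),  # script: no fixed signature
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    for filename, (by_name, by_content) in scan(build_sample()).items():
        print(f"{filename:12} extension={by_name!s:5} content={by_content}")
```

In the output, `invoice.pdf` is caught only by the content check, `notes.exe` only by the extension check, and `macro.vbs` by neither with this short extension list.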