|
|
|
03-24-2008, 02:09 PM
|
Postid: 166461
|
|
Registered User
Join Date: May 2007
Location: Charlotte, NC, USA
Posts: 189
|
FQ builtin filter - exec content
I use the Built-In email filter 'Executable Content', set to delete (which sounds reasonable to me... )
"For messages with attachments containing an executable Window's signature in MIME encoded data."
But, what does the description actually mean, ie what kinds of files might these reasonably and unreasonably be?
|
|
|
|
03-25-2008, 05:01 PM
|
Postid: 166486
|
|
Developer
Join Date: Apr 2001
Location: Saskatoon, SK, Canada
Posts: 1,182
|
Re: FQ builtin filter - exec content
This filter matches messages containing base64 encoded sections (that is, attachments) that start with with content that identify the binary data as an executable DOS or Windows file. There are several signatures used which will identify all such executables known when the filter was written. If you find a program which bypasses the filter, please let us know and we will adjust the test accordingly.
|
|
|
|
|
03-25-2008, 09:16 PM
|
Postid: 166488
|
|
Registered User
Join Date: May 2007
Location: Charlotte, NC, USA
Posts: 189
|
Re: FQ builtin filter - exec content
Bruce, that was so far over my head I get dizzy looking up!
I've enabled this filter to 'delete' - seemed reasonable based on the description. But, am I also killing 'legitimate' emails?
|
|
|
|
|
03-25-2008, 09:49 PM
|
Postid: 166492
|
|
Site Owner
Join Date: Aug 1999
Location: Metro Los Angeles Area
Posts: 7,398
|
Re: FQ builtin filter - exec content
Jim,
What Bruce is basically saying, is any attachment that appears to our server to be a Windows executable file will be affected by that filter.
We wouldn't really be able to say whether you're killing "legitimate" messages. Do you expect to receive Windows executable files via email attachment?
|
|
|
|
|
03-25-2008, 10:10 PM
|
Postid: 166494
|
|
Site Owner
Join Date: Aug 1999
Location: Metro Los Angeles Area
Posts: 7,398
|
Re: FQ builtin filter - exec content
Oh, as a follow-up to my previous post...
As I noted, it is a situation where the filter affects what appears to be a Windows executable file attachment. It's possible for the server to make errors either way, although they are rare. The main reason for using a filter of this type is to prevent trojans and viruses from getting into your email program and infecting your local computer.
|
|
|
|
|
03-26-2008, 10:37 AM
|
Postid: 166506
|
|
Registered User
Join Date: May 2007
Location: Charlotte, NC, USA
Posts: 189
|
Re: FQ builtin filter - exec content
As I think I understand the above, the filter does much the same as the 'executable attachments' filter (exe, pif, scr, etc), except against these types of files actually embedded in the email content? Which is fine with me.
Michael
|
|
|
|
|
03-27-2008, 03:02 PM
|
Postid: 166512
|
|
Developer
Join Date: Apr 2001
Location: Saskatoon, SK, Canada
Posts: 1,182
|
Re: FQ builtin filter - exec content
The executable attachment filter matches based on the extension on the given filename. So, it matches any attached file named something.exe or something.com etc. The executable content filter matches based on the actual content of the attachment itself, no matter what the filename is. The filename matching will miss executable files with modified filenames, while the content filter will miss scripts and other executable content that don't have predictable content. As such they are complementary for those who want full coverage.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 visitors)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -4. The time now is 09:11 PM.
|
| |
|
|
|
