[Esd-l] ZIP scanning, take two (repost)
Snowy Angelique Maslov aka 'Snowpony'
snowy at snowy.org
Sun Feb 22 20:01:47 PST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 22 Feb 2004, John D. Hardin wrote:
> Question: should I make the "ZIPPED_EXECUTABLES=$POISONED_EXECUTABLES"
> the default behavior? In other words, should I force you to think
> about your zipped files policy by making it reject everything if you
> don't give a policy, or should ZIPs be trusted by default unless you
> want to be more careful.
>
> As always, I'm leaning towards default-paranoid.
I must admit I tend to get people to zip things to get through filters on most
systems. However with the way Windows XP/2003 now handles zip files this
technique is starting to have it's own security problems. :/ I'd say perhaps
let zips be trusted by default otherwise we are going to run out of ways of
sending things to people ;)
- --
Snowy "Snowpony" Angelique Cerise Maslov -- http://snowy.org/email.signature
PGP (GnuPG) fingerprint = 5280 6EBC D281 A9D2 564B E274 B2EC 54C3 8325 CECD
Email not addressed/CCd to snowy at snowy.org BOUNCE. READ URL for disclaimer!
"Ignorance killed the cat, sir. Curiosity was framed." ---C.J. Cherryh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQFAOXswsuxUw4Mlzs0RAj60AJ9ORMk1OPvKAvpk+dUjNxAFWgSrdQCfZKhp
QQ+Gs6lWHjind8d4VAqNsb8=
=Vs4Q
-----END PGP SIGNATURE-----
More information about the esd-l
mailing list