E-Mail Block EXE's?

[spools.exe]

I work at my local ISP and we here are talking about filtering out all EXE attachments. If someone wants to send an EXE file they will have to zip it up. This, we belive, will give the receiver more time to scann the file before opening it up.

Do You This We Should Filter EXE Files Or Is To Too Much Of Use To Ask Our Customers To Zip Them Up?

[Palemoon]

Well if you are talking home users you would be wasting your time really. If they could not get the file or did not know how to Zip it they's set up a temp email account for free and say send it here and if under 3 megs one click and the infection starts. As a pro admin I can block just about anything arriving email and catch the rest with virus scanners. I cannot however block lame users going to a free email account, and then downloading it. Forget and ISP hey have IM, IRC also. There is no cure for lame users especally when M$ touts their software as being secure. Is really to much to ask of end users unless say they loose their connect because of setting loose an infection or have an unsecure. As an ISP do you premote uses of virus scanners and say firewalls. Give lame users these by default or at least make them very aware of it.

[Tedob1]

im with pale moon on this one.

if you decide to do this you better beef up you support staff cause you'll be swamped with calls. "what happened to my file?" and i really don’t think its a service providers place to do this unless you have software like aol that zips/unzips things automatically and want to cater to the computer illiterate.

[gamernewbie]

Working for an ISP before I understand both sides of it. #1 block .exes that would stop calls from the morons that call in all day long talking about I got a virus you are my ISP and you should be cleaning them out for me. Trust me I have had plenty of those lusers. Then you get the people that know what they are doing and take precautions and we don't want someone telling us that we NEED to zip our files even though we might do this ourselves. It is a lose lose situation but ISP's always have people that are not technically savvy reviewing their operation and they are the ones that come up with this stupid stuff but to the luser it may sound like a great idea.

[r8devil]

Not a good idea for ISPs to block exe in mail. Its gonna result in a shitload more calls by their end users. I think a better idea would be to offer the service to users and allow them to choose if they want it. Then at least you can always say that the user has signed for it and thus the exe has been blocked.

[the_JinX]

I'm with r8devil on this one..

It's easy to configure it in a way users can select how they want their mail to be filtered..

try procmail

http://www.impsec.org/email-tools/pr...-security.html

you could also use mangled ("defanged") attachment filenames,
this could get you a lot of user calls.. but they will be safe from virii
and will still be able to get them (damned) exe attachments..

http://www.impsec.org/email-tools/sa...-unmangle.html

[slarty]

Tricky one that:

- As an ISP it's generally your responsibility to provide users with a correct, working, unfiltered internet connection. Some users could consider filtering email to be a fault.
- But of course .exes in email aren't really that useful
- But people do send them sometimes legitimately

If you filter exes, you may as well filter out dozens of other file types often used by worms too, and put in a rule which throws anything which looks like an mz exe away (even if it isn't called .exe)

Ideally you'd have the filters turned on by default, and provide the user an option to turn it off.

Also, if you do remove an attachment from an email, add a text file explaining why the attachment was removed and telling them how to get it not removed.

[BrainStop]

Another consideration on this one is self-extracting zipfiles.

I sometimes send files to my parents and they are totally clueless when it comes to software. So instead of trying to explain to them what zip means, I just create a self-extracting zipfile, and tell them to double-click on it.

(But then, I've also installed firewall and anti-virus software on their PC).

It's a tough choice, being a service provider.

Cheers,

BrainStop

[Grinler]

I agree that blocking .exe .doc and .xls files are a mistake. We tried it briefly and quickly stopped it. I do not think, though there is anything wrong with block .pif, .vbs, .scr, and .bat from coming through. They are nonstandard for the average user to send, and those people who are sending them are technical enough that if you explained your reasoning, would agree.

A good solution is a package like exim and create mail filters via exim. Here you can block out files with those extensions and also create custom filters for certain .exe's that you know are virii currently being sent through the internet.

Grinler

[spools.exe]

we offer a serrvice called spamzapper, what it does is creat a folder called spam and most of the spam you receive goes there instead of your inbox. What we wanted to do is all another to it's rules that will also send the EXE's and not the message to that folder.

When they view their message it will display a message like:

--------------------------------------------------------------------------------------------
Attachment May Have Contained A Virus And Was Sent To SPAM folder
--------------------------------------------------------------------------------------------

Would This Be A Good Idea? It Should Cut Back On The Spreand Of Most E-Mail Virii

Or Sould We just Tell Them To Buy A Good AV w/ E-mail Protection?