slarty

by using the MIME type 'application/octet-stream' executables can be blocked. this can be broken down still farther to allow or deny particular types of binary(octet) streams:

Type .ps - application/octet-stream binary 0.8
Type .rtf - application/octet-stream binary 1.0
Type .csh - application/octet-stream binary 0.5

or

Type application/octet-stream .so
Type application/octet-stream .dll
Type application/octet-stream .jar

or

application/Winzip


this in no way affects images that have a totally different MIME type:

Type image/*
Type image/gif
Type image/jpeg
ETC

didn't think it was necessary to complicate this thread with firewall configuration info. If potentially dangerous files are blocked by an application firewall this would limit the potential hazards a service like this could present if gone undetected.

Sorry for contradicting your contradiction but IMO this is an important point to be made. Having a good firewall in place can save your network.