August 10, 2004 3:03 PM

Stupid Virus Blocking

This entry is directed at the frustrated computer system administrators of the world. The rest of you may have no idea what I'm talking about.

Worried about computer viruses striking your network?

My method of stopping viruses from striking my users is phenomenally effective, yet incredibly cheap. I simply block all email attachments bearing Microsoft file types that my users are unlikely to have any real desire to get in email.

At the moment, that means I have a Postfix configuration that contains the following header_checks:

/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)/ REJECT Sorry, we do not accept .${3} files.

For those that don't understand what that means, it instructs Postfix to look for message headers indicating any of a long list of attachment types, and if it finds one, to refuse to accept the message, indicating "Sorry, we do not accept filetype files." to the sender. If you don't use Postfix as your MTA, I'm sure that you can do similar things in most other sane MTAs. (If you use Microsoft Exchange as your MTA, you are out of luck, but then again you are probably out of luck anyway.)
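An added example, not part of the original post: this Python script replays the header_checks pattern above against constructed headers to show which ones would be rejected and what reply text the sender would see. The names check, PAGE_RULE, STRICT_RULE and SAMPLES are made up for this illustration, and STRICT_RULE is an assumed tightening (Python regex syntax, not a tested Postfix rule) that shows how the original also matches extensions that merely begin with a listed one.

```python
import re

# Extension list and pattern copied from the header_checks line above.
EXTS = ("asd|bat|chm|cmd|com|cpl|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|rar|scr|"
        "shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip")

# Postfix regexp tables match case-insensitively by default, hence IGNORECASE.
PAGE_RULE = re.compile(
    r"^Content-(Type|Disposition):.*(file)?name=.*\.(" + EXTS + ")",
    re.IGNORECASE)

# Assumption, not from the post: require the extension to end the parameter
# value (closing quote, ';', whitespace or end of header), so that ".json"
# is no longer caught by the "js" alternative.
STRICT_RULE = re.compile(PAGE_RULE.pattern + r'(["; \t]|$)', re.IGNORECASE)


def check(header, rule=PAGE_RULE):
    """Return the REJECT text the sender would see, or None if the header passes."""
    # Postfix applies header_checks to one logical header at a time, folded
    # continuation lines included; approximate that by unfolding first.
    logical = re.sub(r"\r?\n[ \t]+", " ", header)
    m = rule.search(logical)
    # Group 3 is the matched extension, the same value Postfix puts in ${3}.
    return f"Sorry, we do not accept .{m.group(3)} files." if m else None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/octet-stream; name="invoice.pdf.exe"',
    'Content-Disposition: attachment;\r\n\tfilename=SETUP.SCR',
    'Content-Type: application/json; name="report.json"',
    'Content-Type: application/pdf; name="summary.pdf"',
    'Subject: please send name=foo.exe',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h))
        print("   page rule  :", check(h) or "accepted")
        print("   strict rule:", check(h, STRICT_RULE) or "accepted")
```

The third sample is the one to watch when deploying a rule like this: the page's pattern rejects report.json as a .js file, which is the kind of over-blocking to look for in the mail log after turning the rule on.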

This approach is a bit heavy-handed, but I find that most of those file types are never included in any sort of legitimate email. Who would want to legitimately mail someone a .pif or .lnk file?

The big plus of the approach is that at the cost of one line of configuration, you pretty much ditch any possibility of ever seeing the next Microsoft Outlook virus. No one will ever send you an infected .exe or .scr file because you reject all of them — you will never have to worry that your virus scanner's rules are not up to date or something similar.

What are the minuses of doing this? Well, first, some users will occasionally want to get zip files in the mail. If you have no choice, you can let them through, but in practice I've never gotten complaints about this and I forward mail for lots of people. Second, this will not stop macro viruses that infest .doc and .xls files and the like. It isn't a complete substitute for having a virus scanner, though it does remarkably well.

In general, this is a really cheap and efficient barrier to put at your outermost MTA, and the people and organizations I know who have done it have never regretted it.

Posted by Perry E. Metzger | Categories: Security, Software

July 28, 2004 8:16 PM

New Paul Graham Essay: "Great Hackers"

Paul Graham has posted a new essay on his web site called "Great Hackers".

It's damn good. Even better in some ways than the old parable about programmers and bees.

If you're involved in the software industry at all, I'd recommend a read.

Paul's other essays are damn good, too. They convinced me to try programming in Lisp again, for which I'm eternally grateful.

Posted by Perry E. Metzger | Categories: Software