[Esd-l] Whitelist instead of blacklist for attachment names
shiva at well.com
Mon Jul 15 16:10:01 PDT 2002
In firewall design one typically sets a default policy of dropping all
but a few specified connection types. How about doing the same with
email attachment names? This should be far easier to police than the
evolving poisoned filename list.
Attachments with malformed names should be rejected immediately, on the
assumption that they're malicious.
To start, it would be nice to log a list of attachment names over time
on the gateway, to get a representative sample of the kinds of
legitimate attachments that are seen.
More information about the esd-l