[Asterisk-Users] Re: Hi
Matt Riddell
matt at surecall.co.nz
Sun Apr 4 10:24:10 MST 2004
Agreed...not that there is much of a security risk with pif files when you
don't execute them...
It was just a passing comment as I am on about 10-15 mailing lists and this
one is the only one I receive viruses from...and this is the 2nd or 3rd
time...all the other lists I am on don't allow attachments.
I didn't ask that all attachments be removed because I know some people like
to attach .conf files (whether or not it's a requirement, seeing as most
people just paste in the contents to the email successfully, I don't know)
so my post was more a question regarding the possibility of removing .pif
files...
I would say that there are people who unwittingly trust content from this
list (at their peril) and may have infected their machines.
All good. You are correct re client-side vs server-side.
Topic over.
Matt Riddell
----- Original Message -----
From: <andrewg at felinemenace.org>
To: <asterisk-users at lists.digium.com>
Sent: Monday, April 05, 2004 5:14 AM
Subject: Re: [Asterisk-Users] Re: Hi
> G'day,
>
> If you rely on the server side to implement security for you then you've
already lost. You can filter on your smtp server end, or your mail client
end.. this will be far more reliable.
>
> Second hint for you, as opposed to dropping 'problem' extensions, why
don't you whitelist the extension names (not that that really means /too/
much), such as .txt or .conf, as this would increase your 'security' more.
>
> - andrewg
>
> On Mon, Apr 05, 2004 at 04:35:26AM +1200, Matt Riddell wrote:
> > Can't we get the mailing list to not allow mails with .pif files
attached?
> >
> > Matt Riddell
More information about the asterisk-users
mailing list