LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Limiting types of images - another try

Michael Shannon <[log in to unmask]>

Mon, 5 Aug 2002 12:17:18 +1000

text/plain (64 lines)

>
> If I now delete the sizlim altogether, will the
> Attachments=Images/jpeg be
> strong enough to allow .jpg photos only, and not viruses?  I
> am pretty sure
> now that if I delete the size limit, the picture will be
> allowed.  I don't
> know however, how safe it is to rely on Attachments=Images/jpeg only.
>
> Can anyone take a chance and answer this?
>

OK, I'll take a stab.  :)

Trying to limit on specific file types is something of a hit & miss affair.
I tried to do much the same thing with JPG & GIF files for one of our busier
lists a couple of years ago only to give up in frustration.  While most mail
clients will declare the attachments properly (eg. Content-Type: image/jpg;
name="image.jpg") not all of them do.  Plus (expecially in the case of
JPGs), there is sometimes two extensions to think about (eg. JPG and JPEG)
which adds to the problem.  I would imagine you would find out, as I did,
that it will work for about 80% of your subscribership and not for the rest
(and according to Murphy's Law, it will undoubtedly be the most vocal ones).

Now, your question above asks if removing the size limitation will
comprimise security.  In my opinion, I'd say, "Yes".  You said yourself that
you consider your current measures "trustworthy in avoiding viruses".  As a
certain member of this very list is wont to quote, "If it ain't broke, don't
fix it".

If you *must* allow JPGs onto your list then I'd suggest modifying your
thinking somewhat.  Keep your header as you've got it now:

Language=noHTML
Attachments=Images/jpeg
Sizlim=210

To make it easier to send pictures, increase your Sizlim= to something like
250-300 lines.  I seem to recall that in my own testing this allowed up to
40kb filesize, which is plenty big enough for a picture.  Anything larger
becomes unwieldy over SMTP.  Your subscribers will either have to live with
that or learn how to make a JPG file smaller (easy enough to do without
losing quality if you know how).

This also helps to block most viruses which seem to weigh in at around the
350-400 line limit.  This is assuming that virus writers haven't gotten
smarter since I last looked.

Hopefully this answers your question.

--
Chazzozz!!

Michael Shannon
Webmaster
[log in to unmask]

"Before you can grow old and wise you must first survive being young and
stupid." - Ancient Proverb

Note: Opinions expressed on this list are my own and do not reflect the
views, opinions or position of my employer.  If swallowed, seek medical
advice.

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM