LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

Hal Keen <[log in to unmask]>
Mon, 21 Nov 2011 11:04:44 -0600
Ben Parker's list of suspicious sources ought to have included the FBI--the
Director, no less!

One of my lists had the same phony USPS item, fortunately caught in the
moderation interface. Noting the ZIP attachment, I classified it as a virus
rather than spam. (I try to keep some statistics about attacks on the list.)

But the ZIP file does bring up an issue on which I'd like some advice: Is
there any reliable way (please note the word "reliable") to block such
things?

I used to block attachments, except for a list of approved types. I have
given it up because
(a) list users don't check the list and always seem to be sending with new
attachment types, and
(b) the attachment filtering I know how to use is by MIME Content-Type
entries, and there tend to be multiple encodings for any given file format.

My primary reason for filtering was always to block ZIPped viruses, because
it's entirely likely that address spoofing will cause them to be submitted
"from" a trusted subscriber address. However, my list users turn out to need
me to allow the generic
   Content-Type: application/octet-stream
which is not only usable but the most likely encoding for ZIP viruses.

Ideally, I'd like to filter by the .zip file extension, but attempts to
cobble up an effective filter have failed. I believe this is because the
Content Filter works on email header lines or email text, but not on MIME
headers for attachments. They seem to be exempt from its operation.

Anyone have a solution?

Hal Keen
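
An added example, not part of the message above and not a LISTSERV feature: a standalone Python check that walks every MIME part of a message and flags ZIP attachments by attachment filename and by leading magic bytes, instead of by the declared Content-Type. It assumes mail can be inspected outside LISTSERV before it reaches the list; the function names, addresses and attachment data are constructed for illustration.

```python
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# ZIP signatures: local file header, empty archive, spanned archive
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

def zip_parts(raw: bytes):
    """Return [(filename, declared_type, reason)] for each part that looks like a ZIP."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    hits = []
    for part in msg.walk():              # walk() also descends into nested messages
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition filename, then Content-Type name
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""   # undo base64 / quoted-printable
        reasons = []
        if name.lower().endswith(".zip"):
            reasons.append("extension")
        if payload.startswith(ZIP_MAGIC):
            reasons.append("magic")
        if reasons:
            hits.append((name, part.get_content_type(), "+".join(reasons)))
    return hits

def sample_zip() -> bytes:
    """Constructed, harmless ZIP archive held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

def build_sample(filename: str, ctype: str, data: bytes) -> bytes:
    """Constructed test message, not real list traffic."""
    m = EmailMessage()
    m["From"] = "subscriber@example.org"
    m["To"] = "list@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    maintype, subtype = ctype.split("/")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(zip_parts(build_sample("label.zip", "application/octet-stream", sample_zip())))
```

The magic-byte test catches a ZIP sent under a different filename or Content-Type, but it only inspects the first bytes of each part, so an archive with data prepended to it (a self-extracting executable, for instance) is flagged only if its filename still ends in `.zip`.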

