Once i tried that and had LOTS of false-positives with Windows CGI
based applications, just like:
http://www.something.com/myscript.exe?value=blabla ....
myscript.exe is not a downloadable file, it's a script that will be
executed and return HTML code to the browser.
And there's all those URLs that will reply with a executable
download but has no .exe on the URL ...
It's a simple idea, but not as easy to implement as it seems.
Thomas Raef escreveu:
> Why not block all executables except from a list of whitelisted sites?
>
> Allow windowsupdates.com, Microsoft.com, adobe.com,...
>
> That negates the need for signature based detection.
>
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes@solutti.com.br My SPAMTRAP, do not email it
This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT