Once i tried that and had LOTS of false-positives with Windows CGI based applications, just like:
http://www.something.com/myscript.exe?value=blabla ....myscript.exe is not a downloadable file, it's a script that will be executed and return HTML code to the browser.
And there's all those URLs that will reply with a executable download but has no .exe on the URL ...
It's a simple idea, but not as easy to implement as it seems. Thomas Raef escreveu:
Why not block all executables except from a list of whitelisted sites? Allow windowsupdates.com, Microsoft.com, adobe.com,... That negates the need for signature based detection.
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes@xxxxxxxxxxxxxx My SPAMTRAP, do not email it
<<attachment: smime.p7s>>
