Sure it's easy when you block by rep_mime_type application/octet-stream Then you're not blocking by a file extension. I would never think of "blocking" by file extension. Too many ways around it. We've seen programs that will take an executable and convert to either an html file or a php. The aforementioned method blocks these and many other executable methods. Try it, you'll like it. Thomas J. Raef e-Based Security, LLC www.ebasedsecurity.com 1-866-838-6108 "You're either hardened, or you're hacked!" > -----Original Message----- > From: Leonardo Rodrigues Magalhães [mailto:leolistas@xxxxxxxxxxxxxx] > Sent: Thursday, October 25, 2007 1:12 PM > To: Thomas Raef; Squid Users > Subject: Re: Re: block spyware with squid > > > Once i tried that and had LOTS of false-positives with Windows CGI > based applications, just like: > > http://www.something.com/myscript.exe?value=blabla .... > > myscript.exe is not a downloadable file, it's a script that will be > executed and return HTML code to the browser. > > And there's all those URLs that will reply with a executable > download but has no .exe on the URL ... > > It's a simple idea, but not as easy to implement as it seems. > > > Thomas Raef escreveu: > > Why not block all executables except from a list of whitelisted sites? > > > > Allow windowsupdates.com, Microsoft.com, adobe.com,... > > > > That negates the need for signature based detection. > > > > -- > > > Atenciosamente / Sincerily, > Leonardo Rodrigues > Solutti Tecnologia > http://www.solutti.com.br > > Minha armadilha de SPAM, NÃO mandem email > gertrudes@xxxxxxxxxxxxxx > My SPAMTRAP, do not email it > > >
