Re: [squid-users] Re: block spyware with squid from Leonardo Rodrigues Magalhï¿½es on 2007-10-25 (squid-users)

From: Leonardo Rodrigues Magalhï¿½es <[email protected]>
Date: Thu, 25 Oct 2007 16:11:38 -0200

Once i tried that and had LOTS of false-positives with Windows CGI
based applications, just like:

http://www.something.com/myscript.exe?value=blabla ....

myscript.exe is not a downloadable file, it's a script that will be
executed and return HTML code to the browser.

And there's all those URLs that will reply with a executable
download but has no .exe on the URL ...

It's a simple idea, but not as easy to implement as it seems.

Thomas Raef escreveu:
> Why not block all executables except from a list of whitelisted sites?
>
> Allow windowsupdates.com, Microsoft.com, adobe.com,...
>
> That negates the need for signature based detection.
>

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, Nï¿½O mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it

application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Thu Oct 25 2007 - 12:11:54 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT