I'm using Bordermanager 3.7 SP2 on Netware 6. I already have a rule to
block *://*/*.exe to deny downloads of exe files. I also have the
FileWall product from Connectotel set to block the extension .exe, but
today I discovered a site that has a download link for an exe file that
somehow circumvents this.

The link is located on the page:
http://www.pj64.net/main/components/...itory_startdow
n.php?id=34&chk=9810f977e3671cc813cc5eb0a441e6ce&u serid=0

The link itself is:
http://www.pj64.net/main/download/fu...ff0734c45ca8b9
c96673da8fd7bd4e/

Clicking on that link somehow triggers another url, which I can view in
my log and is the actual download:
http://www.pj64.net/main/components/...itory_startdow
n.php?id=34&chk=9810f977e3671cc813cc5eb0a441e6ce&u serid=0

You will notice that none of these urls contain .exe , yet it will
promptly bring up a box asking if I want to run or save the file "setup
Project64 1[1].6.exe"

I've never seen anything like this before. Anybody have an idea of what
is going on to make this happen or any ideas about how to block it using
Bordermanager (besides the obvious choice of blocking the entire pj64.net
domain). If it is of any consequence, it appears that the site is
running on the Joomla CMS.

Thanks for your help.
Joshua J. Schoeneck
Director of Technology
Kettle Moraine Lutheran High School