[rescue] Re: NetApps
Phil Stracchino
alaric at caerllewys.net
Thu Apr 8 13:18:04 CDT 2004
On Thu, Apr 08, 2004 at 01:30:28PM -0400, Kevin wrote:
> We do SCAN all incoming emails, once with clamav at my email
> gateway and then again with Norton A/V for Exchange. Neither of
> which can scan password protected ZIP files. There are virii
> that send themselves out inside of password protected ZIP files.
> The password is written inside the message body of the email and
> it instructs the user how to unzip it. Now it is unbelievable
> that some moron user would actually DO what the email tells him
> to, but that is NOT my fault, and blocking ZIP files is the best
> way we know of to get around this if we are relegated to using MS
> OSes in the first place.
True, and I wasn't aware of the password-protected-zip-virus trick.
Surely, then, the preferred method would be to block zip attachments by
filetype, not by extension?
Another, more sophisticated, approach also suggests itself: Scan all
file attachments. Discard all infected attachments. Assume that any
attachment which cannot be scanned is infected, and discard it too.
How about that?
--
.********* Fight Back! It may not be just YOUR life at risk. *********.
: phil stracchino : unix ronin : renaissance man : mystic zen biker geek :
: alaric at caerllewys.net|phil-stracchino at earthlink.net|phil at novylen.net :
: 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold) :
: Linux Now! ...Because friends don't let friends use Microsoft. :
More information about the rescue
mailing list