[rescue] Re: NetApps

Kevin kevin at mpcf.com
Thu Apr 8 13:25:29 CDT 2004 

I would be great if we could drop any attachments (or filter by
file type) that can't be scanned, but our version of Norton A/V
does not have that level of flexibility and it's the latest we
can run without upping to Exchange 2K (ain't gonna happen.) 
Hell, it took a registry hack just to get it to block the
specified attachments.

Clamav and some scripting may be able to do that, but since i've
only gotten one complaint in the three months since i've been
doing this (i only support ~25 mailboxes) i doubt i'll be
changing anything any time soon.

/KRM

On Thu, 8 Apr 2004 14:18:04 -0400
Phil Stracchino <alaric at caerllewys.net> wrote:

> On Thu, Apr 08, 2004 at 01:30:28PM -0400, Kevin wrote:
> > We do SCAN all incoming emails, once with clamav at my email
> > gateway and then again with Norton A/V for Exchange.  Neither
> > of which can scan password protected ZIP files.  There are
> > virii that send themselves out inside of password protected
> > ZIP files. The password is written inside the message body of
> > the email and it instructs the user how to unzip it.  Now it
> > is unbelievable that some moron user would actually DO what
> > the email tells him to, but that is NOT my fault, and
> > blocking ZIP files is the best way we know of to get around
> > this if we are relegated to using MS OSes in the first place.
> 
> 
> True, and I wasn't aware of the password-protected-zip-virus
> trick. Surely, then, the preferred method would be to block zip
> attachments by filetype, not by extension?
> 
> Another, more sophisticated, approach also suggests itself: 
> Scan all file attachments.  Discard all infected attachments. 
> Assume that any attachment which cannot be scanned is infected,
> and discard it too.
> 
> How about that?
> 
> 
> -- 
>  .*********  Fight Back!  It may not be just YOUR life at risk.
>   *********.
>  : phil stracchino : unix ronin : renaissance man : mystic zen
>  biker geek :: 
>  alaric at caerllewys.net|phil-stracchino at earthlink.net|phil at novy
>  len.net  ::   2000 CBR929RR, 1991 VFR750F3 (foully murdered),
>  1986 VF500F (sold)   ::    Linux Now!   ...Because friends
>  don't let friends use Microsoft.    :
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue


-- 
"Make it idiot proof and someone will make a better idiot."
keyserver: http://pgp.mit.edu/

More information about the rescue mailing list