[Dshield] Virus

Ed Truitt ed.truitt at etee2k.net
Sat Aug 31 15:57:55 GMT 2002


I think the question is "why don't you configure your mail servers to block
any files with the extension of .PIF (in addition to others, such as .EXE,
.COM, .BAT, .VBS, .SCR, and other file types associated with executables),
stripping off the attachments before delivering the email?"  My employer has
done this for years, in addition to virus-checking inbound emails from the
Internet.  It has saved our bacon on more than one occasion.  It is
somewhat of a nuisance, but you can bypass the protection (if you are
sending a legitimate executable) by ZIPPING it up (or use tar, compress, or
your favorite *nix or Windows compression utility), and password-protecting
the file (encrypt it).  This way the mail gateway won't notice it is an
executable, and you have some level of assurance that it wasn't altered in
transit.  Of course, you have to agree on a password with the recipient
beforehand, if you are using a password-protected ZIP file.  If you use
PGP/GPG/some form of PKI-type of encryption, you have to have the proper
keys in your possession.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "dominique fiori" <dominqiuefiori at numericable.fr>
To: <list at dshield.org>
Sent: Friday, August 30, 2002 12:20 PM
Subject: RE: [Dshield] Virus


> What did you mean please ?
>
> D*
[SNIP]
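
The gateway rule described in the message above, sketched as an added example (not code from the original post or from any particular mail server): it parses a message, replaces attachments whose names end in one of the listed extensions with a text notice, and leaves other parts alone. The function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the message above; extend per local policy.
BLOCKED = (".pif", ".exe", ".com", ".bat", ".vbs", ".scr")

def is_blocked(filename):
    """True if the name ends in a blocked extension (case-insensitive)."""
    # Windows drops trailing dots/spaces, so "a.exe. " still opens as a.exe.
    name = filename.lower().rstrip(". ")
    return name.endswith(BLOCKED)

def strip_blocked(raw):
    """Parse raw message bytes; swap blocked attachments for a text notice.
    Returns (message, list of removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):      # walk() also reaches nested multiparts
        name = part.get_filename()
        if part.is_multipart() or not name or not is_blocked(name):
            continue
        removed.append(name)
        # set_content() clears the old payload and Content-* headers first.
        part.set_content(f"Attachment {name!r} removed by mail gateway policy.\n")
    return msg, removed

def build_sample():
    """Constructed test message: one double-extension .PIF and one .zip."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed test message"
    m.set_content("See attachments.")
    m.add_attachment(b"MZ constructed bytes", maintype="application",
                     subtype="octet-stream", filename="Invoice.DOC.PIF")
    m.add_attachment(b"PK constructed bytes", maintype="application",
                     subtype="zip", filename="tools.zip")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.walk() if p.get_filename()])
```

The match is on the end of the filename only, so a double extension such as `Invoice.DOC.PIF` is caught, while an archive such as `tools.zip` is delivered unchanged, as the message notes.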



