[Dshield] Email blocking security question

Corinne Cook corinnec at sullcurt.com
Tue Mar 4 23:37:57 GMT 2003

My av program scans .zip files and blocks them only if they have dangerous
files within.  Including the ones you listed, I also quarantine the
following (I quarantine in case some are valid so I can pull them out when
that rarity occurs).  Mind you, we are not in an environment where we have
programmers or developers or others who would be having need to send many of
these to each other so you may not want to be as restrictive as this if you
are in such an environment:

.exe, .com, .chm, .asx, .adp, .ade, .bin, .cpl, .crt, .hlp, .hta, .vb*,
jer.htm, .inf, .ins, .isp, .ini, .jse, .msi, .msp, .mst, .pcd, .scr, .reg,
.wsc, .wsh, .wsf, .ceo, .bat, .cmd, .pif, .asp, .dll

Hope this helps a little.

Corinne Cook
Systems Administrator
Sullivan & Curtis 
3310 Two Union Square
601 Union St.
Seattle, WA 98101
p: (206)892-9200 x292
f: (206)892-9201

-----Original Message-----
From: Richard Roy [mailto:RoyR at justicetrax.com] 
Sent: Tuesday, March 04, 2003 2:17 PM
To: list at dshield.org
Subject: [Dshield] Email blocking security question

I have a security question that has come up as a sort of internal
debate.   Archive files (.zip) specifically.  Do you allow them thru the
firewall in email attachments?  Some of my peers feel they should be blocked
as they can be autoexecuted.  I'm not sure, I didn't think they could be but
we need to be safe these days.  Currently we block .pif,
.scr, .exe, .bat, .vb*, .com    anyone think of any others.

Richard Roy
Network Administrator
JusticeTrax Inc
602-938-0059 x102
royr at justicetrax.com

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list