[Dshield] new MyDoom infected attachments

Shawn Cox shawn.cox at pcca.com
Thu Feb 5 17:00:11 GMT 2004


This idea has alot of merit.  It emmulates the cisco policy of block
everything and allow specifics found in router configs...  Will you share
you list of allowed extensions?


----- Original Message ----- 
From: "Tom Geairn" <tgeairn at newviewconsulting.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, February 05, 2004 9:53 AM
Subject: RE: [Dshield] new MyDoom infected attachments


> Betsy brings up an interesting point here.  We have adopted a "block
> everything but..." attachment policy for ourselves and our clients.
> Generally the exception list is pretty liberal (placing some faith in
> other filters catching things too), but I figure "If I don't know what
> it is, and no user has asked for it...  Why should I let it in?"
>
> I'd like to hear the thoughts of others on this.
>
> Thanks,
> Tom Geairn
> NewView Consulting, LLC
>
>
> -----Original Message-----
> ...as I don't block these file types <yet>.
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list