[Dshield] vunerability windows

Erwin Van de Velde erwin.vandevelde at ua.ac.be
Fri Feb 6 18:19:49 GMT 2004

On Friday 06 February 2004 18:00, Chuck Lewis wrote:
> Erwin,
> I agree with what you say, but that last paragraph, will true, gets harder.
> These more recent virus offerings have gotten very good at masking
> themselves to normal users. If these users are used to getting emails from
> workers or friends that contain attachments, when a virus reads ones
> address list and fires these off, it is, unfortunately, more challenging
> for these users. That is, as had been stated, this stuff needs to be
> trapped at the email server and never even get to our users :-)

Blocking at the server is all very nice of course, but it gets a lot harder 
when the virus resides in compressed files like ZIPs. You can't block all 
compressed files at the server, as there can be legitimate ones too...

Why not sign attachments? If this would be possible (later possibly even 
required) in Outlook (Express) and other mail clients, like now already 
default in kmail possible, this could do the trick when eventually all 
unsigned mails with attachments could be dropped on the server.
Of course the user needs to memorize yet another password, as we can't allow 
him to save it in his favorite mail client :-)
In the beginning, there could be a lot of complaining by the 'normal' users, 
but in the end, it would make things a lot easier for all of us...

And signing could stop phishing attempts too...

Erwin Van de Velde
Student of Univeristy of Antwerp,

More information about the list mailing list