[Dshield] vunerability windows

Louis Hablas Lou.Hablas at rzim.org
Fri Feb 6 19:21:14 GMT 2004


It is harder when dealing with compressed files, but most scanners worth
their salt will take a peak and deal with the contents accordingly...

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Erwin Van de Velde
Sent: Friday, February 06, 2004 1:20 PM
To: General DShield Discussion List
Subject: Re: [Dshield] vunerability windows


On Friday 06 February 2004 18:00, Chuck Lewis wrote:
> Erwin,
>
> I agree with what you say, but that last paragraph, will true, gets
harder.
> These more recent virus offerings have gotten very good at masking
> themselves to normal users. If these users are used to getting emails from
> workers or friends that contain attachments, when a virus reads ones
> address list and fires these off, it is, unfortunately, more challenging
> for these users. That is, as had been stated, this stuff needs to be
> trapped at the email server and never even get to our users :-)
>

Blocking at the server is all very nice of course, but it gets a lot harder 
when the virus resides in compressed files like ZIPs. You can't block all 
compressed files at the server, as there can be legitimate ones too...

Why not sign attachments? If this would be possible (later possibly even 
required) in Outlook (Express) and other mail clients, like now already 
default in kmail possible, this could do the trick when eventually all 
unsigned mails with attachments could be dropped on the server.
Of course the user needs to memorize yet another password, as we can't allow

him to save it in his favorite mail client :-)
In the beginning, there could be a lot of complaining by the 'normal' users,

but in the end, it would make things a lot easier for all of us...

And signing could stop phishing attempts too...

Greetings,
Erwin Van de Velde
Student of Univeristy of Antwerp,
Belgium

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


The information contained in this message may be CONFIDENTIAL and is for the
intended addressee only.  Any unauthorized use, dissemination of the
information, or copying of this message is prohibited.  If you are not the
intended addressee, please notify the sender immediately and delete this
message.



More information about the list mailing list