[Dshield] new Netsky.b virus - quick analysis (incl. hexdump)

John Holmblad jholmblad at aol.com
Thu Feb 19 16:38:49 GMT 2004


Erik,

your point is well taken.

Like others I have resorted to file zipping from time to time to get 
past simple file filters. Unfortunately I am far behind most of this 
group when it comes to the good and bad of SMTP so I can't offer any 
concrete suggestions other than the following idea: use a protected ftp 
site or portal to pass files. For example, for a group of individuals 
that includes myself,  I am right now in the process of setting up a  
trial of a password protected portal , one of whose purposes is to pass 
files between group members so we can get away from email based file 
transfer altogether. Because the portal service provider, in this case 
Apptix, which provides its portal service using Windows Server 2003 
Sharepoint Services has to store the files on their server somewhere, 
they seem to block executables (presumably defined by the file suffix) 
from being posted to the site. So, for example, .chm files cannot be 
posted there. Of course we could get around this restriction by setting 
up our own Windows server, strengthening the credential required to 
enter to, say a digital certificate, and relax the policy restriction on 
having executable files transferred to the site.

-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list