[Dshield] Delayed Attachment Delivery?
wolfgang at sweet-haven.com
Sat Feb 28 04:58:29 GMT 2004
I work at a facility that processes more than 100,000
incoming email messages per day. Twice this week we've
been compromised by viruses that managed to sneak in
before the virus signatures recognized the infections
(Netsky.c and Bagle.c). The "zero day" effect has
turned into a "zero hour" problem.
It would seem that if certain executable attachments could
be delayed for a few hours before delivery we'd have some
breathing room to allow the virus signatures time to
settle in. Known dangerous filetypes (and double-extent
filenames) could be thrown away right away. Zipped
executables would be the candidates for delayed delivery.
Does anyone have any thoughts or recommendations?
More information about the list