[Dshield] Delayed Attachment Delivery?

SGray SGray at medford.k12.nj.us
Mon Mar 1 14:33:39 GMT 2004

I personally use the Symantec Gateway product for this functionality.
It tosses attachments that I designate and more importantly also opens
zipped attachments to search for these files.  Zipped files should
almost always be inspected just as your attachments are.

-----Original Message-----
From: Lewis Wolfgang [mailto:wolfgang at sweet-haven.com] 
Sent: Friday, February 27, 2004 11:58 PM
To: list at dshield.org
Subject: [Dshield] Delayed Attachment Delivery?

Hi Folks,

I work at a facility that processes more than 100,000
incoming email messages per day.  Twice this week we've
been compromised by viruses that managed to sneak in
before the virus signatures recognized the infections
(Netsky.c and Bagle.c).  The "zero day" effect has
turned into a "zero hour" problem.

It would seem that if certain executable attachments could
be delayed for a few hours before delivery we'd have some
breathing room to allow the virus signatures time to
settle in.  Known dangerous filetypes (and double-extent
filenames) could be thrown away right away.  Zipped
executables would be the candidates for delayed delivery.

Does anyone have any thoughts or recommendations?

Lew Wolfgang

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list