[Dshield] Password protected Bagle.F

Jon R. Kibler Jon.Kibler at aset.com
Tue Mar 2 15:08:55 GMT 2004


John Hardin wrote:
<SNIP!>
> Why would I want to accept a zipped executable file attachment from some
> random user on the Internet at large, whatever it may be named? In the
> majority of cases such messages can be automatically quarantined or
> discarded outright.
<SNIP!>
> ... If for some reason I want to be able to receive
> (zipped) executable attachments from the world at large, I will set up a
> special account that accepts them, and only that account will accept
> them, and messages in that account will get special scrutiny.
> 

I couldn't agree more. The problem is that our views are in the minority.

If we receive an email with an attachment, we quarantine the attachment
and replace it in the email with a URL to the quarantined file and a 
stern warning to the recipient that they were sent an unsafe attachment 
of unknown contents and it would be exceedingly dangerous to open this 
attachment unless the recipient was expecting it and knows in advance 
what are its contents. A notification is also sent to our mail admin who 
will hopefully have a chance to examine the attachment before someone 
decides to open in.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list