AW: [Dshield] Delayed Attachment Delivery?
g.dodd at falk-ross.de
Tue Mar 2 15:04:38 GMT 2004
I am currently fighting this exact problem, one of the latest batch of
"nastiness" passes through our mail server running 2 AV scanners.
Simple fix - block all .zip attachments
Does it make business sense - try doing business with these virii / worms
running riot through the internal network.
How to get around the problem - send the attachment as "filename.abc" and
enclose in the email the actual filename and the actual senders details.
Hey, how many people should really be getting all these attachments.
I know it's not a perfect solution, but it works and there is no more "oops,
I just clicked on this attachment and ..."
Back to the fire!!
Graham K. Dodd
Director of Operation
Falk & Ross GmbH
> -----Ursprungliche Nachricht-----
> Von: list-bounces at dshield.org [mailto:list-bounces at dshield.org]Im
> Auftrag von Christophe Rome
> Gesendet: Dienstag, 2. Marz 2004 15:14
> An: list at dshield.org
> Betreff: Re: [Dshield] Delayed Attachment Delivery?
> Shawn Cox <shawn.cox at pcca.com> wrote:From: "Shawn Cox"
> To: "General DShield Discussion List"
> Subject: Re: [Dshield] Delayed Attachment Delivery?
> Date: Mon, 1 Mar 2004 09:53:18 -0600
> > You can scan all day recursively through a .zip file
> > but if you haven't
> > gotten a virus signature from your vendor you are
> > just going to pass the
> > virus right through your gateway.
> Not long ago we were pretty safe stopping all
> attachments except .zip at the mail gateway. We asked
> all senders to include only zip files. Our end-users
> in NT wouldn't be able to directly open the .zip
> attachments by double-clicking. They had to manually
> open them by using winzip. They would know what they
> were doing. But today, while running these XP clients,
> opening .zip attachments happens by simple
> What's the next step? Delaying 'suspicious'
> attachments doesn't seem smart businesswise. Do we
> really need to block all attachments coming in through
> e-mail and find another way to get these important
> files reach our end-users?
> Any suggestions?
> Do you Yahoo!?
> Yahoo! Search - Find what youre looking for faster
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> __________ NOD32 1.644 (20040302) Information __________
> This message was checked by NOD32 Antivirus System.
More information about the list