AW: [Dshield] Delayed Attachment Delivery?

Graham Dodd g.dodd at falk-ross.de
Tue Mar 2 15:04:38 GMT 2004


I am currently fighting this exact problem; one of the latest batch of
"nastiness" passes through our mail server running 2 AV scanners.

Simple fix - block all .zip attachments

Does it make business sense? Try doing business with these viruses / worms
running riot through the internal network.

How to get around the problem - send the attachment as "filename.abc" and
enclose in the email the actual filename and the actual sender's details.
Hey, how many people should really be getting all these attachments?

I know it's not a perfect solution, but it works and there is no more "oops,
I just clicked on this attachment and ..."


Back to the fire!!


Graham


~~~~~~~~~~~~~~~~~~~~~
Graham K. Dodd
Director of Operation
Falk & Ross GmbH
Tel. +49(6301)717-0
Fax. +49(6301)717-270

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> Behalf Of Christophe Rome
> Sent: Tuesday, 2 March 2004 15:14
> To: list at dshield.org
> Subject: Re: [Dshield] Delayed Attachment Delivery?
>
>
>
> Shawn Cox <shawn.cox at pcca.com> wrote:
>
> From: "Shawn Cox"
> To: "General DShield Discussion List"
> Subject: Re: [Dshield] Delayed Attachment Delivery?
> Date: Mon, 1 Mar 2004 09:53:18 -0600
>
> > You can scan all day recursively through a .zip file but if you haven't
> > gotten a virus signature from your vendor you are just going to pass the
> > virus right through your gateway.
>
> Exactly!
>
> Not long ago we were pretty safe stopping all
> attachments except .zip at the mail gateway. We asked
> all senders to include only zip files. Our end-users
> in NT wouldn't be able to directly open the .zip
> attachments by double-clicking. They had to manually
> open them by using winzip. They would know what they
> were doing. But today, while running these XP clients,
> opening .zip attachments happens by simple
> mouse-click.
>
> What's the next step? Delaying 'suspicious'
> attachments doesn't seem smart businesswise. Do we
> really need to block all attachments coming in through
> e-mail and find another way to get these important
> files to reach our end-users?
>
> Any suggestions?
>
> Christophe.
>
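
The extension rule discussed in this message, sketched as an added example (not code from the post or from any poster's gateway): it blocks attachments named .zip and also checks the ZIP signature bytes, so renamed archives such as "filename.abc" are at least flagged in the gateway log. The function names, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".zip",)               # the extension rule from the post
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")   # ZIP local-header / empty-archive signatures


def classify_attachments(raw_message: bytes):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXTENSIONS):
            verdict = "block"   # rejected by name, as the post proposes
        elif payload.startswith(ZIP_MAGIC):
            verdict = "flag"    # passes the name rule but is a ZIP: log for review
        else:
            verdict = "pass"
        verdicts.append((name, verdict))
    return verdicts


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Real filename and sender details go here.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def make_zip() -> bytes:
    """Build a small in-memory ZIP archive as constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, data in [("report.zip", make_zip()),
                        ("report.abc", make_zip()),
                        ("notes.txt", b"plain text")]:
        print(classify_attachments(build_sample(fname, data)))
```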



