[Dshield] Password protected Bagle.F

Christophe Rome asrgchr at yahoo.com
Tue Mar 2 20:30:25 GMT 2004

--- "Jon R. Kibler" <Jon.Kibler at aset.com> wrote:
> If we receive an email with an attachment, we
> quarantine the attachment
> and replace it in the email with a URL to the
> quarantined file and a 
> stern warning to the recipient that they were sent
> an unsafe attachment 
> of unknown contents and it would be exceedingly
> dangerous to open this 
> attachment unless the recipient was expecting it and
> knows in advance 
> what are its contents. A notification is also sent
> to our mail admin who 
> will hopefully have a chance to examine the
> attachment before someone 
> decides to open in.

Well, Jon, 

It's a good alternative to delaying the delivery of
attachments but IMHO it's no good either. In this
system you rely on the common sense of the end-user
and that's a risk I, as a network administrator, am
not willing to take. I do following your reasoning.
End-users will read the warning and indeed, most of
the time, be very cautious before opening the
attachment but:
a) you've got daredevils everywhere
b) a distracted reader might ignore the warning
c) a message from a spoofed sender may look familiar
to the end-user

Your solution makes sense but is not acceptable when
it concers network security. If one user does persist
and opens an infected attachment, hell could be

But then again, it might suffice in the real world. A
little more faith in the end-users' common sense is
what I lack..., not? ;-).


Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster

More information about the list mailing list