[unisog] attachment support

H. Morrow Long morrow.long at yale.edu
Tue Jun 11 23:27:22 GMT 2002

We've done it here (we rename all of the attachment types on Microsoft's
list of attachments considered 'dangerous' to end in '.xex' and we also
modify MIME types in some cases as well) with our own 'milter' filter.

One nice side effect of this was that we became stricter on the MIME std
and rejected blatantly illegal MIME formats; this led us to reject all
Klez messages...

Everyone (running Windows at least) is supposed to be running AntiVirus
s/w on the PC and keeping it updated as well.

We are not currently using antispam measures (other than per-user filtering)
but the Medical School is experimenting with SpamAssassin.

H. Morrow Long
Information Security Office
ITS, Yale University

Jim Ennis wrote:
> Hello,
> We are dealing with a recent set of problems from a Klez-infected system
> sending itself to some internal lists using the list-owner email.  As part
> of our response (scramble, curse, scramble), I am considering modifying
> postfix (Solaris) on our mail servers to rename all attachments so that
> they will not automagically execute when our users merrily click them.
> Has anyone else gone through this change and what were the results/impact
> of modifying attachment names so that the users have to rename them to
> use them?  We will have to work up an education plan for our users to
> let them know about the change, but we are concerned with blocking future
> mailings using our resources (either a list or direct mail) to spread
> viruses.
> Also, we have some recent queries about blocking spam at the mailer level
> beyond the usual spam list checks.  Are there any recommended solutions
> (free or commercial) for Solaris with Postfix as the mailer software?
> Jim Ennis                        | jim at pegasus.cc.ucf.edu
> Systems Administrator            | (407) 823-1701  |  Fax: (407) 823-5476
> University of Central Florida    | Murphy's paradox:
>                                  | Doing it the hard way is always easier.
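
The attachment-renaming step described in the reply above, as an added example that is not Yale's milter code and not part of the original thread. It shows only the message rewrite, not the milter interface; the extension set is a constructed subset, and appending '.xex' (rather than replacing the extension) and forcing application/octet-stream are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed subset for illustration; a site would load its own full list.
DANGEROUS = {".bat", ".cmd", ".com", ".exe", ".lnk", ".pif", ".scr", ".vbs"}
SAFE_SUFFIX = ".xex"  # suffix named in the post


def is_dangerous(filename: str) -> bool:
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.rstrip(" .").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in DANGEROUS


def defang(raw: bytes):
    """Return (rewritten message bytes, list of (old, new) attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    renamed = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type name=
        old = part.get_filename()
        if not old or not is_dangerous(old):
            continue
        new = old.rstrip(" .") + SAFE_SUFFIX
        disposition = part.get_content_disposition() or "attachment"
        # Replace both headers so neither the old name nor the old type survives.
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", disposition, filename=new)
        del part["Content-Type"]
        part.add_header("Content-Type", "application/octet-stream", name=new)
        renamed.append((old, new))
    return msg.as_bytes(), renamed


def sample_message() -> bytes:
    # Constructed test message: one harmless and two risky attachments.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.edu", "b@example.edu", "files"
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.doc.pif", "Setup.EXE."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Only the last extension is checked, so a double extension such as `invoice.doc.pif` is caught while `notes.txt` passes through unchanged.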
