[unisog] attachment support

Eric Rostetter eric.rostetter at physics.utexas.edu
Wed Jun 12 00:59:12 GMT 2002

Quoting Jim Ennis <jim at pegasus.cc.ucf.edu>:

> Hello,
> We are dealing with a recent set of problems from a klez infected system
> sending itself to some internal lists using the list-owner email.  As part
> of our response (scramble,curse,scramble), I am considering modifying
> postfix (Solaris) on our mail servers to rename all attachments so that
> they will not automagically execute when our users merrily click them.

No need to rename *all* attachments.  Only executable ones.  Or at least

We rename exe, com, cmd, bat, pif, sc[rt], lnk, dll, ocx, vb[se]?, hta, p[lm],
sh[bs], hlp, chm, eml, ws[cfh], ad[ep], jse?, md[abew], ms[ip], reg, asd, cil,
asx, wm[szd], vcf, and nws attachments.

Originally we didn't rename .exe attachments, as a lot of people share .exe
files, and doing so a year or two ago would get you lots of complaints.
(We instead filtered on known bad .exe files by name and extension)  But that
time has changed, we now rename all .exe files, and not one person has
complained.  You will notice we still don't do .doc files and its variations.

> Has anyone else gone through this change and what were the results/impact
> of modifying attachment names so that the users have to rename them to
> use them.

Basically no effect other than fewer viruses.  We get maybe 1 or 2 questions
a year about it.

>  We will have to work up an education plan for our users to
> let them know about the change, but we are concerned with blocking future
> mailings using our resources (either a list or direct mail) to spread
> viruses.

We have a simple web page, and that seems sufficient.  But then, my department
is rather small also (about 1000 users), so your mileage may vary if you have
a larger number of people...

> Also, we have some recent queries about blocking spam at the mailer level
> beyond the usual spam list checks.  Are there any recommended solutions
> (free or commercial) for Solaris with Postfix as the mailer software?

I try to avoid blocking spam.  Blocks too much non-spam.  Some people actually
want the spam.  We block a few addresses when they cause a major problem
(my current spam list is 6 addresses, though one of those is an entire
> Jim Ennis                        | jim at pegasus.cc.ucf.edu
> Systems Administrator            | (407) 823-1701  |  Fax: (407) 823-5476
> University of Central Florida    | Murphy's paradox:
>                                  | Doing it the hard way is always easier.

Eric Rostetter
The Department of Physics
The University of Texas at Austin
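
The extension list in the reply above, applied to a MIME message, as an added example that is not part of the original post or either site's configuration. The `.renamed` suffix, the function names and the sample message are assumptions; the post does not say what the renamed files are called or how the rename is hooked into the mailer.

```python
import re
from email import message_from_string

# Extension patterns as listed in the post above.
PATTERNS = ("exe com cmd bat pif sc[rt] lnk dll ocx vb[se]? hta p[lm] sh[bs] "
            "hlp chm eml ws[cfh] ad[ep] jse? md[abew] ms[ip] reg asd cil asx "
            "wm[szd] vcf nws").split()
# Test only the last extension; ignore case and trailing dots or spaces.
RISKY = re.compile(r"\.(?:%s)[. ]*$" % "|".join(PATTERNS), re.IGNORECASE)
SUFFIX = ".renamed"  # assumption: the post does not say what new name is used

def safe_name(filename):
    """Append SUFFIX when the final extension is on the list."""
    if filename and RISKY.search(filename):
        return filename.rstrip(". ") + SUFFIX
    return filename

def rename_attachments(raw):
    """Return (rewritten message text, list of (old, new) names)."""
    msg = message_from_string(raw)
    changed = []
    for part in msg.walk():
        old = part.get_filename()
        new = safe_name(old)
        if old and new != old:
            # A client may read the name from either header, so fix both.
            if part.get_param("filename", header="content-disposition"):
                part.set_param("filename", new, header="Content-Disposition")
            if part.get_param("name"):
                part.set_param("name", new)
            changed.append((old, new))
    return msg.as_string(), changed

# Constructed sample message: one listed attachment, one .doc left alone.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream; name="Invoice.DOC.pif"
Content-Disposition: attachment; filename="Invoice.DOC.pif"

AAAA
--XX
Content-Type: application/msword; name="notes.doc"
Content-Disposition: attachment; filename="notes.doc"

AAAA
--XX--
"""
```

Matching on the final extension is what catches double-extension names such as `Invoice.DOC.pif`, while plain `.doc` files pass through as the post describes.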

