[unisog] New virus - not caught by central servers (fwd)

Joseph Brennan brennan at columbia.edu
Wed Jul 28 02:25:35 GMT 2004

--On Tuesday, July 27, 2004 9:05 AM -0700 Steve VanDevender 
<stevev at darkwing.uoregon.edu> wrote:

> Rather than use what I think is the highly misguided approach of using
> reactive virus filtering, we aggressively filter all the various Windows
> attachment types that propagate worms, which provides a substantial
> level of proactive defense.  Some of the worst offenders that have
> virtually no legitimate purposes (.scr, .pif) get stripped entirely

We reject all of the file extensions that Microsoft itself calls
dangerous.  Their own Exchange server with patches refuses to allow
messages with any of the executable file extensions.  Why is anyone
second-guessing Microsoft's judgement on this issue?

That eliminates everything but .zip files, and our management decided
to reject those as well.  As a result we do not use anti-virus software
at all, saving us the considerable cost of a subscription and of the
CPU needed to run it.  The current outbreak has had no impact at all.

Identifying every known virus one by one is the wrong approach.  Do
not expect the vendors to announce this!

Joseph Brennan
Academic Information Systems
Columbia University

More information about the unisog mailing list