[unisog] New virus - not caught by central servers (fwd)
reggers at ist.uwaterloo.ca
Wed Jul 28 14:10:34 GMT 2004
From: "Joseph Brennan" <brennan at columbia.edu>
> We reject all of the file extensions that Microsoft itself calls
> dangerous. Their own Exchange server with patches refuses to allow
> messages with any of the executable file extensions. Why is anyone
> second-guessing Microsoft's judgement on this issue?
> That eliminates everything but .zip files, and our management decided
> to reject those as well.
For those who subscribe we reject all the usual executable files but still
accept zips which we scan with ClamAV. We get caught (a bit) on 0-day
problems and I've been arguing that we ought to block zips as well... and
stop worrying about the AV filter on incoming mail.
Some people claim that if you block zips then they can't get their work
done. Apparently people at Columbia do get their work done.
How has your user community accomodated your e-mail security filtering? Ie.
when they really need to send a zip (or exe, etc.) how do they do it?
More information about the unisog