[unisog] New virus - not caught by central servers (fwd)

Gary Flynn flynngn at jmu.edu
Wed Jul 28 15:35:07 GMT 2004


Brian Reilly wrote:

> We block Microsoft "Type I" attachments and .ZIPs as well, with very good
> success.  (Being able to say "Columbia does this too" was helpful.)  For
> us, it was a combination of the productivity loss (for both users and
> desktop support staff) and the need for a cost-effective solution that was
> going to have the best results.  Paying $50,000+ for a solution that was
> still going to leave us exposed to the 0-day stuff wasn't an ideal option.  
> We also went by the numbers; based on our analysis prior to dropping
> .ZIPs, a minimum of 86% of the .ZIPs we delivered were likely generated by
> email-borne viruses.


We've stripped zips in the past temporarily as circumstances
dictated but after Monday we're looking strongly at making
it permanent.

It would be nice if we could just strip zips containing
executables but our mail server, Mirapoint, does not support
this. We've requested an enhancement to support this. Sadly,
we'd also have a need to handle password protected zips in
some way.


-- 
Gary Flynn
Security Engineer
James Madison University
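
Added example, not part of the original message and not a Mirapoint feature: a sketch of the filter described above that strips only zips containing executables and gives password-protected zips their own verdict. The extension list, the limits, and the names `classify_zip` and `make_zip` are assumptions; the samples are constructed in memory.

```python
import io
import posixpath
import zipfile

# Assumed block list for illustration; substitute the site's own attachment policy.
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}
MAX_DEPTH = 2                  # levels of zip-inside-zip to open
MAX_INNER_BYTES = 10_000_000   # refuse to unpack nested archives larger than this


def classify_zip(data: bytes, depth: int = 0) -> str:
    """Return 'strip', 'encrypted', 'unreadable' or 'deliver' for one attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unreadable"
    verdict = "deliver"
    with zf:
        for info in zf.infolist():
            ext = posixpath.splitext(info.filename.lower())[1]
            # Names come from the central directory, which ordinary zip
            # passwords do not encrypt, so this check needs no password.
            if ext in BLOCKED_EXTS:
                return "strip"
            if info.flag_bits & 0x1:      # bit 0: member data is encrypted
                verdict = "encrypted"     # contents cannot be inspected
            elif ext == ".zip":
                if depth >= MAX_DEPTH or info.file_size > MAX_INNER_BYTES:
                    return "strip"
                inner = classify_zip(zf.read(info), depth + 1)
                if inner == "strip":
                    return inner
                if inner != "deliver":
                    verdict = inner
    return verdict


def make_zip(members: dict, encrypted: bool = False) -> bytes:
    """Build a constructed sample archive; optionally mark members encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in each central-directory header
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x1
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)
```

An "encrypted" verdict means no blocked name was visible but the contents could not be checked, so the policy decision for that case (deliver, quarantine or strip) is still the site's to make.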


