[unisog] Request Opinions on Anti-Virus Software

Peter Van Epp vanepp at sfu.ca
Mon Jun 6 15:30:50 GMT 2005

On Mon, Jun 06, 2005 at 11:10:15AM -0400, Michael Holstein wrote:
> >Do you block .doc and .xls files as well?   You should not have to block 
> >.zip files as they require work on the user's part to make them dangerous.
> Unfortunately, users have repeatedly demonstrated the desire to "go the 
> extra effort" to make ZIP files dangerous.
> "Oh .. how thoughtful .. they encrypted it for me .. but at least they 
> gave me the password".
> ~Mike.
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

	True, but education does work. Our first time through there were around
50 accounts that clicked on an executable to become infected. After their 
network access was removed they (the user, not their lan administrator who 
cleaned the machine) had to explain via email to the Director that they 
understood why this was an inappropriate thing to do and what they were going
to do to prevent a reoccurance before their network access was returned (even
after the machine had been cleaned). The last time a week or so ago there were 
3 machines (and only one of those was a repeat offender). 
	We allow zips but block password protected zips (which did cause 
complaint from a small number of users) because there is some requirement for 
users to get attachements via email from sites we don't control and who won't 
change to accomidate us so we have to accomidate them.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list