Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS

From: Kenneth Porter <shiva well com>
To: Evolution Mailing List <evolution ximian com>
Subject: Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
Date: 20 Aug 2002 04:53:16 -0700

On Mon, 2002-08-19 at 20:48, Rob Brown-Bayliss wrote:

Does it block all executables?  A bit of a pain if some one is trying to
send you something usefull?


I use the Procmail Sanitizer, and it blocks anything with an executable
extension (exe/pif/scr/bat/cmd, etc.). If someone needs to email an
executable, they can zip it first, or put it up on a web or FTP server.
The main objective is to stop moron Windows users from double-clicking
viruses to life.

There's also a nasty Outlook exploit that uses the iframe tag to launch
an executable just by viewing the message in the preview pane. I see a
lot of those.

Alas, executables can often travel with mutilated names (for instance,
trailing spaces and dots, or encoded 8-bit names) that Windows can
gratuitously "fix", so that the file gets past naive name-based filters.
Defense in depth is called for. Block dangerous filenames, run AV
software, and outlaw the most-frequently targeted MUA's from the company
network.

References:
- VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
  - From: Mark Boylan
- Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
  - From: Michael Leone
- Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
  - From: Rob Brown-Bayliss

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]