[Esa-l]Sircam with application/mixed

IT Department - CI Holding Group, Inc. it at ciholding.com
Thu Aug 2 08:54:53 PDT 2001

At 08:40 PM 7/31/2001 -0600, Lee Howard wrote:
>Both.  Because of local needs, I do not poison anything based on filename
>extension, only on complete filename (i.e. "happy99.exe").  And, the
>antivirus program gives me some reassurance that this should generally be
>enough.  The sanitizer does a wonderful job of defanging potentially
>dangerous attachments to our Microsoft Outlook mail client base.  We are
>fortunate that the user base is intelligent enough to think twice before
>defanging an attachment to run it.

I used to think that way as well, until we were hit with some unknown 
virii.  Luckily, now I do double-extension blocking (per John's filter), 
and we have prevented Melissa, I Love You, SirCam, Hybris et al.

I think that if we had not been blocking those patterns, we too would have 
been a victim of the dreaded "click" that most users do without thinking 
twice (even w/ training).

Thanks John!


i n f o r m a t i o n   t e c h n o l o g y   d e p a r t m e n t
              C I  H O L D I N G  G R O U P ,  I N C
e-mail:// it at ciholding.com      tel:// +1 (760) 471-8536
                     fax:// +1 (760) 471-0399

More information about the esd-l mailing list