[Esa-l]Sircam with application/mixed

Michael Meltzer michael.meltzer at sicad.de
Fri Aug 3 01:25:20 PDT 2001


"IT Department - CI Holding Group, Inc." wrote:

> At 08:40 PM 7/31/2001 -0600, Lee Howard wrote:
> >Both.  Because of local needs, I do not poison anything based on filename
> >extension, only on complete filename (i.e. "happy99.exe").  And, the
> >antivirus program gives me some reassurance that this should generally be
> >enough.  The sanitizer does a wonderful job of defanging potentially
> >dangerous attachments to our Microsoft Outlook mail client base.  We are
> >fortunate that the user base is intelligent enough to think twice before
> >defanging an attachment to run it.
>
> I used to think that way as well, until we were hit with some unknown
> virii.  Luckily, now I do double-extension blocking (per John's filter),

I got some SirCam's without double extension. May bee this happens if the
file from which SirCam takes the name for his own attachment has no extension ?!

Michael

>
> and we have prevented Melissa, I Love You, SirCam, Hybris et al.
>
> I think that if we had not been blocking those patterns, we too would have
> been a victim of the dreaded "click" that most users do without thinking
> twice (even w/ training).
>
> Thanks John!
>
> tmp
>
> i n f o r m a t i o n   t e c h n o l o g y   d e p a r t m e n t
> -------------------------------------------------------------------------------
>               C I  H O L D I N G  G R O U P ,  I N C
> e-mail:// it at ciholding.com      tel:// +1 (760) 471-8536
>                      fax:// +1 (760) 471-0399
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l

--
+---- Michael Meltzer ---+-----------------------------------------+
|   SICAD Geomatics      |   EMail : Michael.Meltzer at sicad.de      |
|   Otto-Hahn-Ring 6     |   Phone : +49-89-636-46239              |
|   81739 Muenchen       |   Fax   : +49-89-636-51313              |
+------------------------+-----------------------------------------+



More information about the esd-l mailing list