floydp at boxusa.com
Tue Jul 24 04:11:27 PDT 2001
As long as you are using the default approach to trap double
extension files, you should have SirCam covered. I'm trapping
things that don't comply with our acceptable use policy and
anything that (as far as I know) gets used as an executable
filetype for viruses. I would definitly look at adding things
like .pif, .com, .vbs, etc. to the file, since I don't see any
reason that they should ever be in an e-mail except to transport
a virus... I don't remeber what's in John's sample trapped file,
but it should definitely have more than just *.exe.
Floyd Pierce | Director of Information Technology
Phone 847-790-2830 (IL) | Box USA
Phone 817-783-2355 (TX) | floydp at boxusa.com
Fax 847-790-2880 | floyd at floydbob.com
> -----Original Message-----
> From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
> Behalf Of Dan Kubilos
> Sent: Monday, July 23, 2001 9:46 PM
> To: esa-l at spconnect.com
> Subject: [Esa-l]Sircam
> At risk of sounding lame. . .
> Clarification please
> I understand that Sircam attachments end in .bat .pif .lnk or .com
> I currently poison all *.exe attachments.
> Do I need to add any other *.<extension> lines to my poisoned file to
> automatically quarantine a possible Sircam loaded email?
> Dan Kubilos __\o_ ^
> K-8 Tech Coord
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
More information about the esd-l