[Esd-l] Filename mangling

Scott Taylor scott at dctchambers.com
Tue Jun 25 07:40:01 PDT 2002


At 06:09 AM 25/06/2002, you wrote:
>Hi all,
>
>One of the senior managers here has recieved a few complaints about
>having to demangle attachments (a 5 second job at most, these people
>don't know a good thing when they've got it...) and has (practically)
>demanded that we stop mangling Word documents.

I have that same discussion with my PHB.  Get it in writing.  Write a clear 
note why defanging is there simply to make people think before they open a 
document.  If every company had this mentality things like "I Love You" 
virus would not have run so rampant.  Then have him sign it and CC a copy 
to the owners/comity/board of directors/whatever and file a copy 
yourself.  Then if someone opens up a bad DOC and doesn't have the Macro 
Protection on and blows up your network, you get his balls on a platter. ;)


>Both myself and my manager (who does know a good thing when he sees
>it, even though he's a bit of a PoB)

Piece of Braughtworst?

>have flatly stated that we are
>*very* uncomfortable about doing this and are in the process of
>drafting documents over why, but my question to the group is:

Good choice.  Cover your ass.

>Given that my userbase has to use Outlook (our database software is
>closely tied into it),

Ew!

>is there any way, other than filename
>mangling, of preventing Outlook doing it's automagic evilness?

Graham, already mentioned.

>On a side note John, if we are forced to stop mangling documents (and
>this will be a resignation matter for me) will that have any other
>side effects I need to be aware of?  I.e. is the macro scoring tied
>into the mangler?

Only need to not mangle DOC but you can continue to mangle DOT etc., it's 
very flexible and the macro check still works and will quarantine the files 
if you set it all up right.

Turn the macro score down to 10 if you are as paranoid as I am about 
working for 3 days straight to repair a couple dozen infected workstations 
because of one lazy ass.

If you need reassurance, send yourself a word doc with a self starting 
macro that creates and/or deletes a file, that should get you a high enough 
score to test it.



More information about the esd-l mailing list