[Esa-l]Sircam with application/mixed

Lee Howard faxguy at deanox.com
Thu Aug 2 09:02:34 PDT 2001


At 08:54 AM 8/2/01 -0700, IT Department - CI Holding Group, Inc. wrote:
>At 08:40 PM 7/31/2001 -0600, Lee Howard wrote:
>>Both.  Because of local needs, I do not poison anything based on filename
>>extension, only on complete filename (i.e. "happy99.exe").  And, the
>>antivirus program gives me some reassurance that this should generally be
>>enough.  The sanitizer does a wonderful job of defanging potentially
>>dangerous attachments to our Microsoft Outlook mail client base.  We are
>>fortunate that the user base is intelligent enough to think twice before
>>defanging an attachment to run it.
>
>I used to think that way as well, until we were hit with some unknown 
>viruses.  Luckily, now I do double-extension blocking (per John's filter), 
>and we have prevented Melissa, I Love You, SirCam, Hybris et al.
>
>I think that if we had not been blocking those patterns, we too would have 
>been a victim of the dreaded "click" that most users do without thinking 
>twice (even w/ training).

If the sanitizer is defanging attachments, then it requires more than just
a "click" to defang and run the attachment.  To me, you'd have to be quite
a bone-head to defang and run an attachment coming from
"hahaha at sexyfun.net"... which, since the av program catches it, will get
/dev/null'd anyway.

Lee.
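
The two filename policies compared in this thread, exact-name poisoning and double-extension blocking, as an added example that is not part of the original messages and is not the sanitizer's own code. Only "happy99.exe" comes from the thread; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Only "happy99.exe" is from the thread; the extension list and SAMPLE are constructed.
POISONED_NAMES = {"happy99.exe"}
EXECUTABLE_EXTS = {"exe", "com", "bat", "pif", "scr", "vbs", "lnk"}
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Budget.doc.pif"

x
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="happy99.exe"

x
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.exe"

x
--BOUND--
"""

def classify(filename):
    """Return 'poison-name', 'double-extension' or 'pass' for one attachment name."""
    name = filename.strip().lower().rstrip(". ")
    if name in POISONED_NAMES:
        return "poison-name"
    parts = name.split(".")
    # Double extension: <base>.<ext>.<executable ext>, e.g. report.doc.pif
    if len(parts) >= 3 and parts[-2] and parts[-1] in EXECUTABLE_EXTS:
        return "double-extension"
    return "pass"

def scan_message(raw):
    """List (filename, verdict) for every MIME part that carries a filename."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [(p.get_filename(), classify(p.get_filename()))
            for p in msg.walk() if p.get_filename()]

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict:17} {name}")
```

A plain "setup.exe" passes both checks, so under either policy it reaches the defanging and antivirus stages rather than being stopped by name.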


