RE: [inbox] Re: [Full-Disclosure] Re: E-Mail viruses

From: Paul Szabo (psz_at_maths.usyd.edu.au)
Date: 03/05/04

    To: Valdis.Kletnieks@vt.edu, purdy@tecman.com
    Date: Sat, 6 Mar 2004 08:18:27 +1100 (EST)
    
    

    Curt Purdy <purdy@tecman.com> wrote:

    >>> An alternative is to allow only a proprietary extension through,
    >>> like .inc. Legitimate senders would rename the file, be it .exe
    >>> .doc .jpg, indicate in the body of the message what the true
    >>> extension is, and the receiver merely renames it.
    >>
    > Only the proprietary extension, i.e. .inc or .xyz or .whatever,
    > would be allowed through, and since virus writers would never use
    > this extension, it would eliminate ALL viruses at the gateway.
    > The nice thing about this approach is that it completely eliminates
    > the need for any anti-virus on the mail server since all virus
    > attachments are automatically dropped without the need for scanning.
    > Quite a simple, yet elegant solution, if I do say so myself.

    Yes, it eliminates a large class of viruses. But, it would not do
    anything to "local" attacks (a virus modified specifically to handle
    your particular setup; and if it becomes widely used then "real"
    viruses will also do the same).

    Also it does nothing to viruses that do not use attachments: attacks
    on a "Subject:" buffer overflow, or a virus delivery via the web with
    a link or "Content-type: message/external-body".

    Also you might miss some attachments: "uuencoded block"s, or those
    within incomplete "Content-type: message/partial" bits.

    Within those limitations, it is a great idea to keep an organization
    free from "common" attacks.

    Cheers,

    Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
    School of Mathematics and Statistics University of Sydney 2006 Australia

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
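An added example, not part of the message above or of Curt Purdy's proposal: a sketch of the allow-one-extension gateway check in Python's standard `email` module, extended to hold the cases the reply says a filename filter would miss (inline uuencoded blocks, `message/partial`, `message/external-body`). The names `ALLOWED_EXT` and `gateway_findings` and the sample message are assumptions constructed for illustration; header-level attacks such as the "Subject:" overflow are outside what a per-part check sees.

```python
import re
from email import message_from_string

ALLOWED_EXT = ".inc"  # assumption: the site's agreed "proprietary" extension
OPAQUE_TYPES = {"message/partial", "message/external-body"}
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} \S", re.M)  # uuencode header line

def gateway_findings(raw):
    """Return (reason, detail) pairs for parts an allow-list gateway should hold."""
    findings = []
    for part in message_from_string(raw).walk():
        ctype, name = part.get_content_type(), part.get_filename()
        if ctype in OPAQUE_TYPES:
            # Fragment or pointer to remote content: nothing here to inspect.
            findings.append(("opaque-type", ctype))
        elif name is not None and not name.lower().endswith(ALLOWED_EXT):
            findings.append(("extension", name))
        elif part.get_content_maintype() == "text":
            # Inline uuencoded files carry no MIME filename at all.
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            if UU_BEGIN.search(body):
                findings.append(("uuencode", "begin line in text part"))
    return findings

# Constructed sample message (not real traffic).
SAMPLE = """\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

begin 644 tool.exe
M9&%T80
end
--B
Content-Disposition: attachment; filename="report.inc"

data
--B
Content-Disposition: attachment; filename="setup.exe"

data
--B
Content-Type: message/external-body; access-type=URL; URL="http://example.test/x"

Content-Type: application/octet-stream

--B--
"""
```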