RE: Novarg
From: Duston Sickler (dustons_at_charter.net)
Date: 01/29/04
- Previous message: Ivan Coric: "Re: Novarg - Stopping .Zip Files"
- In reply to: Jeremy Strachan: "RE: Novarg"
- Next in thread: sloppy seconds: "RE: Novarg"
- Reply: sloppy seconds: "RE: Novarg"
To: "'Jeremy Strachan'" <Jeremy.Strachan@ClemengerCommunications.co.nz>, "'sloppy seconds'" <beleguese@yahoo.com>
Date: Wed, 28 Jan 2004 20:51:18 -0600
We have our Symantec Gateway server configured to scan all incoming
attachments. It automatically strips all executables and any "encrypted
containers" (password-protected zips). This and NAV Corp (managed) have kept
our organization free from worms for three years running now.
Duston Sickler
CompTIA A+ Certified
"Cedo Nilli"
-----Original Message-----
From: Jeremy Strachan [mailto:Jeremy.Strachan@ClemengerCommunications.co.nz]
Sent: Wednesday, January 28, 2004 2:31 PM
To: 'sloppy seconds'
Cc: 'incidents@securityfocus.com'
Subject: RE: Novarg
For what it's worth - we use NAV for Exchange, and one of the options is to
block certain attachment types; in this case we block .exe attachments.
NAV looks inside .ZIP files, sees the .exe inside, and blocks (or deletes)
the entire attachment.
That means we aren't dependent on a virus signature being released to block
this worm (or new variants).
Jeremy
National IT Manager
Clemenger Communications Ltd
Microsoft MCSE, Novell CNE, Compaq ASE
-----Original Message-----
From: sloppy seconds [mailto:beleguese@yahoo.com]
Sent: Wednesday, 28 January 2004 5:32 p.m.
To: incidents@securityfocus.com
Subject: Novarg
To all,
Yes, as many of you have noticed, Novarg is spreading fast. I work for a large
international corporation and we have seen extensive infiltration. However,
this worm has not proved to be as "damaging" as some may claim. The scary
part is that our investment in AV solutions (Trend, Symantec, et al...) has
not protected us. We are now reconsidering our stance on allowing .ZIP files
in Email.
We engineered our own cleaning utility hours before our AV vendors even had
signatures. Infecting lab clients and using diff tools...etc
From a network perspective we are watching for the supposed DOS against SCO.
We have had the outbreak under control just a few hours after its
inception.
Anyone care to contribute their experience?
Thanks,
Beleguese
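The gateway policy described in this thread (block executables, look inside .ZIP files, treat password-protected archives as blocked) can be sketched as follows. This is an added example, not code from any poster or from the Symantec products mentioned; the extension list, size and depth limits, and all function names are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list; the thread itself only names .exe.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zip_verdict(data, depth=0):
    """Return a block reason for a ZIP payload, or None if it passes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
        for info in zf.infolist():
            name = info.filename.lower().rstrip(". ")
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                return "encrypted container"
            if name.endswith(BLOCKED_EXT):
                return "executable in zip: " + info.filename
            if name.endswith(".zip"):  # nested archive: bounded recursion
                if depth >= 2 or info.file_size > 10_000_000:
                    return "nested zip too deep or too large"
                inner = zip_verdict(zf.read(info), depth + 1)
                if inner:
                    return inner
    except Exception:  # fail closed on any malformed or undecodable archive
        return "unreadable zip"
    return None

def attachment_verdicts(raw_message):
    """Map each attachment filename to a block reason (None = deliver)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if fname.lower().rstrip(". ").endswith(BLOCKED_EXT):
            verdicts[fname] = "executable attachment"
        elif data.startswith(b"PK"):  # judge by content, not by extension
            verdicts[fname] = zip_verdict(data)
        else:
            verdicts[fname] = None
    return verdicts

def sample_mail(zip_bytes, filename="document.zip"):
    """Constructed test message carrying zip_bytes as its attachment."""
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    msg.add_attachment(zip_bytes, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()
```

Because the verdict depends only on archive structure and file names, it needs no signature update, which is the property Jeremy's message relies on.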