Re: Novarg
From: Steve Bremer (steveb_at_nebcoinc.com)
Date: 01/30/04
- Previous message: Skip Carter: "Re: Novarg"
- Maybe in reply to: sloppy seconds: "Novarg"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jan 2004 08:20:45 -0600 To: <incidents@securityfocus.com>
Hi
>We block all 'zip' attachments and have found it excellent way to
prevent new virus' from entering the network, prior to signatures files
being released. And that >also goes for, .pif, .scr, .exe etc.
We don't block zip files, but our scanner does extract the contents of
all zip files and compares each file contained within against our
attachment filtering policies. If a single file is in violation, the
entire zip file is blocked. Also, the extracted contents are all virus
scanned since some AV products have had troubles in the past with
scanning zips.
In reference to Jim's comment about password protected zips, we simply
block them in order to avoid this problem.
Any files blocked by our scanner due to the attachment policy or AV
scanner are placed in a quarantine for a short period of time so that we
can retrieve them if necessary.
Steve Bremer
NEBCO, Inc.
System & Security Administrator
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Skip Carter: "Re: Novarg"
- Maybe in reply to: sloppy seconds: "Novarg"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
