Re: Novarg

From: Steve Bremer (steveb_at_nebcoinc.com)
Date: 01/30/04

  • Next message: Mark Blaszczyk: "Novarg DOS Payload"
    Date: Fri, 30 Jan 2004 08:20:45 -0600
    To: <incidents@securityfocus.com>
    
    

    Hi

    >We block all 'zip' attachments and have found it excellent way to
    prevent new virus' from entering the network, prior to signatures files
    being released. And that >also goes for, .pif, .scr, .exe etc.

    We don't block zip files, but our scanner does extract the contents of
    all zip files and compares each file contained within against our
    attachment filtering policies. If a single file is in violation, the
    entire zip file is blocked. Also, the extracted contents are all virus
    scanned since some AV products have had troubles in the past with
    scanning zips.

    In reference to Jim's comment about password protected zips, we simply
    block them in order to avoid this problem.

    Any files blocked by our scanner due to the attachment policy or AV
    scanner are placed in a quarantine for a short period of time so that we
    can retrieve them if necessary.

    Steve Bremer
    NEBCO, Inc.
    System & Security Administrator

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Mark Blaszczyk: "Novarg DOS Payload"