Re: 543.rar attachment

From: Kinnell (kinnell.t_at_gmail.com)
Date: 03/14/05

    Date: Mon, 14 Mar 2005 09:13:03 -0600
    To: security-basics@securityfocus.com
    
    

    On the network I'm a member of we block all exe files sent inside the
    rar or zip, so even if it is sent the file will be 0byted. Wouldn't
    that be a better method? Otherwise, if you block all bz2, zip, rar,
    etc., then you will block a lot of useful communication.

    -Kinnell

    On Fri, 11 Mar 2005 16:49:16 -0500, adisegna@siscocorp.com
    <adisegna@siscocorp.com> wrote:
    > Sean, I have to disagree with you. Any file that can encapsulate an
    > executable file should be blocked (IMO). ZIP files are one of the
    > biggest carriers of malicious content these days. I don't make it a
    > habit of trusting my users no matter how many times they get trained.
    > RAR extraction tools are not part of the software image policy on my
    > network so users are oblivious to the file blocking. What is your
    > solution?
    >
    > Thanks
    >
    > AD
    > Information Technology Group
    > Security Identification Systems Corporation
    >
    > -----Original Message-----
    > From: Sean Crawford [mailto:sean01@accnet.com.au]
    > Sent: Tuesday, March 08, 2005 9:39 PM
    > To: security-basics@securityfocus.com
    > Subject: RE: 543.rar attachment
    >
    > ---> -----Original Message-----
    > ---> From: adisegna@siscocorp.com [mailto:adisegna@siscocorp.com]
    >
    > ---> Subject: RE: 543.rar attachment
    >
    > ---> I just recently got the same executable inside .rar. I extracted the
    > ---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find
    > ---> anything (as of 4 days ago). I wasn't about to double click this exe on
    > ---> my corporate network. Block the rar extension on your mail server.
    > --->
    >
    > rar is a valid compression format...blocking it isn't a very good
    > solution.
    >
    > 2 cents.
    >
    > Sean
    >
    >
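
The filtering approach raised in this thread (strip executables found inside an archive instead of blocking the archive type) could look like the following for ZIP attachments. This is an added example, not part of the original thread or any poster's code; it handles ZIP only because Python's standard library has no RAR reader, and the extension list, size cap, depth limit and sample attachment are assumptions.

```python
import io
import zipfile

BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list
MAX_DEPTH = 3                  # assumed limit on archive-in-archive nesting
MAX_MEMBER_SIZE = 20 * 2**20   # assumed cap on how much is decompressed per member

def find_executables(data, prefix="", depth=0):
    """Return paths of ZIP members a gateway should strip or quarantine."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP file: nothing to inspect here
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.filename.lower().endswith(BLOCKED_EXT):
                hits.append(path)
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_SIZE:
                hits.append(path + " (not inspectable)")  # encrypted or oversized
                continue
            try:
                body = archive.read(info)
            except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
                hits.append(path + " (not inspectable)")  # corrupt or unsupported
                continue
            if body[:2] == b"MZ":  # DOS/PE header: executable under another name
                hits.append(path + " (MZ header)")
            elif zipfile.is_zipfile(io.BytesIO(body)):
                if depth + 1 >= MAX_DEPTH:
                    hits.append(path + " (nesting too deep)")
                else:
                    hits.extend(find_executables(body, path + "/", depth + 1))
    return hits

def build_sample():
    """Constructed test attachment; file names and contents are made up."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("dddd.exe", b"MZ\x90\x00 constructed stub")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("notes.txt", b"plain text")
        z.writestr("invoice.txt", b"MZ\x90\x00 renamed stub")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

Members that cannot be inspected (encrypted, oversized, corrupt) are reported rather than passed, since an extension-only check misses a renamed executable.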

