Re: 543.rar attachment
From: Steven DeFord (security.willworker_at_gmail.com)
Date: 03/14/05
- Previous message: adisegna_at_siscocorp.com: "RE: ICQ Corporate Security Risks"
- In reply to: Kinnell: "Re: 543.rar attachment"
- Next in thread: Jonathan Loh: "Re: 543.rar attachment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Mar 2005 10:54:53 -0800 To: security-basics@securityfocus.com
On Mon, 14 Mar 2005 09:13:03 -0600, Kinnell <kinnell.t@gmail.com> wrote:
> On the network I'm a member of we block all exe files sent inside the
> rar or zip, so even if it is sent the file will be 0byted. Wouldn't
> that be a better method? otherwise if you block all bz2, zip, rar,
> etc... then you will block a lot of useful communication
>
> -Kinnell
What about password-protected (encrypted) .zip archives? Some common
virus propagation methods avoid detection by encrypting the virus in a
.zip archive and giving the user the password, telling the user to
decrypt the archive and run the virus (couched in persuasive terms).
Because of this, it can be hard to determine what's in a .zip file.
(I don't know anything about .rars.)
-- Steven DeFord steve@singingtree.com (925) 596-0426
- Previous message: adisegna_at_siscocorp.com: "RE: ICQ Corporate Security Risks"
- In reply to: Kinnell: "Re: 543.rar attachment"
- Next in thread: Jonathan Loh: "Re: 543.rar attachment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
