Re: 543.rar attachment
From: Jonathan Loh (kj6loh_at_yahoo.com)
Date: Mon, 14 Mar 2005 14:21:31 -0800 (PST) To: Kinnell <firstname.lastname@example.org>, email@example.com
Ok that's a solution. But what I want to ask you is this. How much overhead
does it take to do this? Blocking archive files would be an easier method with
little overhead. Possibly with a reply to sender that your site does not
accept archive files.
--- Kinnell <firstname.lastname@example.org> wrote:
> On the network I'm a member of we block all exe files sent inside the
> rar or zip, so even if it is sent the file will be 0byted. Wouldn't
> that be a better method? otherwise if you block all bz2, zip, rar,
> etc... then you will block a lot of useful communication
> On Fri, 11 Mar 2005 16:49:16 -0500, email@example.com
> <firstname.lastname@example.org> wrote:
> > Sean, I have to disagree with you. Any file that that can encapsulate an
> > executable file should be blocked (IMO). ZIP files are one of the
> > biggest carriers of malicious content these days. I don't make it a
> > habbit of trusting my users no matter how many times they get trained.
> > RAR extraction tools are not part of the software image policy on my
> > network so users are oblivious to the file blocking. What is your
> > solution?
> > Thanks
> > AD
> > Information Technology Group
> > Security Identification Systems Corporation
> > -----Original Message-----
> > From: Sean Crawford [mailto:email@example.com]
> > Sent: Tuesday, March 08, 2005 9:39 PM
> > To: firstname.lastname@example.org
> > Subject: RE: 543.rar attachment
> > ---> -----Original Message-----
> > ---> From: email@example.com [mailto:firstname.lastname@example.org]
> > ---> Subject: RE: 543.rar attachment
> > ---> I just recently got the same executable inside .rar. I extracted
> > the
> > ---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find
> > ---> anything (as of 4 days ago). I wasn't about to double click this
> > exe on
> > ---> my corporate network. Block the rar extension on your mail server.
> > --->
> > rar is a valid compression format...blocking it isn't a very good
> > solution.
> > 2 cents.
> > Sean
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!