Re: 543.rar attachment

From: David J ONEILL (David.J.Oneill_at_state.or.us)
Date: 03/15/05

  • Next message: hartmann: "Any remote client - without fixed IP"
    Date: Mon, 14 Mar 2005 16:18:48 -0800
    To: <kinnell.t@gmail.com>, <security-basics@securityfocus.com>, <kj6loh@yahoo.com>
    
    

    Gee, why not just block ALL email communication. That would save you
    some work too.

    Archive files are a necessary part of communication and very beneficial
    in saving bandwidth.

    Let's have a reality check ....

    David J O'Neill
    Senior Systems Analyst
    State of Oregon
    Department of Human Services
    Office of Information Services
    PH# 503.378.2101 ext. 280
    email david.j.oneill@state.or.us

    >>> Jonathan Loh <kj6loh@yahoo.com> 03/14/05 02:21PM >>>
    Ok that's a solution. But what I want to ask you is this. How much overhead
    does it take to do this? Blocking archive files would be an easier method with
    little overhead. Possibly with a reply to sender that your site does not
    accept archive files.
    --- Kinnell <kinnell.t@gmail.com> wrote:
    > On the network I'm a member of we block all exe files sent inside the
    > rar or zip, so even if it is sent the file will be 0byted. Wouldn't
    > that be a better method? otherwise if you block all bz2, zip, rar,
    > etc... then you will block a lot of useful communication
    >
    > -Kinnell
    >
    > On Fri, 11 Mar 2005 16:49:16 -0500, adisegna@siscocorp.com
    > <adisegna@siscocorp.com> wrote:
    > > Sean, I have to disagree with you. Any file that can encapsulate an
    > > executable file should be blocked (IMO). ZIP files are one of the
    > > biggest carriers of malicious content these days. I don't make it a
    > > habit of trusting my users no matter how many times they get trained.
    > > RAR extraction tools are not part of the software image policy on my
    > > network so users are oblivious to the file blocking. What is your
    > > solution?
    > >
    > > Thanks
    > >
    > > AD
    > > Information Technology Group
    > > Security Identification Systems Corporation
    > >
    > > -----Original Message-----
    > > From: Sean Crawford [mailto:sean01@accnet.com.au]
    > > Sent: Tuesday, March 08, 2005 9:39 PM
    > > To: security-basics@securityfocus.com
    > > Subject: RE: 543.rar attachment
    > >
    > > ---> -----Original Message-----
    > > ---> From: adisegna@siscocorp.com [mailto:adisegna@siscocorp.com]
    > >
    > > ---> Subject: RE: 543.rar attachment
    > >
    > > ---> I just recently got the same executable inside .rar. I extracted the
    > > ---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find
    > > ---> anything (as of 4 days ago). I wasn't about to double click this exe on
    > > ---> my corporate network. Block the rar extension on your mail server.
    > > --->
    > >
    > > rar is a valid compression format...blocking it isn't a very good
    > > solution.
    > >
    > > 2 cents.
    > >
    > > Sean
    > >
    > >
    >

                    
    __________________________________
    Do you Yahoo!?
    Yahoo! Small Business - Try our new resources site!
    http://smallbusiness.yahoo.com/resources/
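The content-based filtering discussed in this thread (rejecting executables found inside an archive instead of blocking the archive type), sketched as an added example that is not part of the original messages or any poster's mail gateway. It handles ZIP only, since Python's standard library has no RAR reader; the extension list, limits, function names and the sample attachment are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed policy values for illustration; a real gateway maintains its own.
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
MAX_DEPTH = 2                          # nested archive levels opened before giving up
MAX_MEMBER_BYTES = 10 * 1024 * 1024    # do not inflate members larger than this

def scan_zip(data, depth=0):
    """Return (member_name, reason) findings for one ZIP attachment."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable archive")]
    with zf:
        for info in zf.infolist():
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in BLOCKED_EXTS:
                findings.append((name, "blocked extension"))
            elif info.flag_bits & 0x1:     # encrypted: name visible, content is not
                findings.append((name, "encrypted member"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((name, "member too large to inspect"))
            else:
                body = zf.read(info)
                if body[:2] == b"MZ":      # DOS/PE header behind a harmless-looking name
                    findings.append((name, "executable header"))
                elif body[:4] == b"PK\x03\x04":   # nested ZIP: scan it too
                    if depth + 1 >= MAX_DEPTH:
                        findings.append((name, "nesting too deep"))
                    else:
                        findings += [(name + "/" + n, r) for n, r in scan_zip(body, depth + 1)]
    return findings

def build_sample():
    """Constructed attachment: a text note, a renamed PE stub, and a nested ZIP with an .exe."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("dddd.exe", b"MZ" + b"\x00" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"quarterly figures attached")
        z.writestr("photo.jpg", b"MZ" + b"\x00" * 16)
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

An empty result from `scan_zip` means the archive can be delivered under this policy; any finding gives the gateway a specific reason to quarantine the attachment or notify the sender.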

