Re: SMTP activity

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 03/31/04


Date: Wed, 31 Mar 2004 12:24:35 GMT

You bring up a lot of good points, but I think they're aimed at the
wrong target.

If a corporate system gets infected, it's more the fault of the
administrator and corporate policy than it is the AV software.

All corporate anti-virus software has the ability to remove attachments
from incoming e-mails based on extensions. That means that there are
simple ways of effectively blocking all executable attachments before
they reach the client. Some companies even block non-executable
attachments which are known to carry viruses (MS Word, MS Excel, etc).

All virus signatures should be updated at least every 24 hours.
Scheduling works fine on the corporate products I've used, so that's not
an issue. Any administrator that hasn't set their AV software to update
itself every night has greatly underestimated the threat of current
viruses. I have not had any issues with the scheduling service on any
NT4 server or W2K server, but maybe that's just me...

There is little protection against day-zero viruses. You can secure IE
by applying proper policy, which with AD is a fairly uncomplicated task.
Blocking Active-X by policy is a simple matter, as is restricting
Java/JavaScript.

So, there are ways to limit your exposure to these threats. The fact
that some companies still are infected just goes to show that some
admins have more money than brains, or that upper management has no clue
how expensive downtime is and how little it costs to protect against it.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
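
The extension-based attachment stripping described in the post, as an added example that is not part of the original message or of any AV product: a gateway-side filter sketched with Python's standard `email` package. The blocklist, function names and sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; a real gateway's list is site policy.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def is_blocked(filename, blocked=BLOCKED):
    """Decide on the final extension, so 'invoice.pdf.exe' is caught."""
    # Windows drops trailing dots and spaces, so 'a.exe. ' still opens as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in blocked

def strip_blocked(raw, blocked=BLOCKED):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename and is_blocked(filename, blocked):
            removed.append(filename)
            # Replace the payload with a notice so the recipient can see
            # that something was dropped before delivery.
            part.set_content(f"Attachment '{filename}' removed by mail policy.\n")
    return msg.as_bytes(), removed

def build_sample():
    """Constructed message: one benign and one executable attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "report"
    m.set_content("See attached.")
    m.add_attachment("plain notes", filename="notes.txt")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
```

Matching on the file name alone says nothing about the content, so a filter like this complements signature scanning rather than replacing it.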


