[rescue] Re: NetApps

Charles Shannon Hendrix shannon at widomaker.com
Thu Apr 8 12:25:21 CDT 2004


Thu, 08 Apr 2004 @ 11:02 -0500, Mike Parson said:

> On Thu, Apr 08, 2004 at 11:39:41AM -0400, Phil Stracchino wrote:
> > On Thu, Apr 08, 2004 at 10:17:36AM -0400, Kevin wrote:
> >> I do not allow any *.zip files through our mail servers and i'm
> >> able to keep my job just fine.  Please enlighten me with your
> >> proposed solution to the problem?
> >
> > I think the issue here is, "We're worried about viruses and trojans, but
> > we're not going to bother actually SCANNING attachments, we're just
> > going to block anything that has a .zip extension without bothering to
> > check whether the filetype actually matches the extension or not, so if
> > you want to trivially defeat our pathetic excuse for a security measure,
> > just rename your .zip file to .scr or something."
> 
> The problem with trying to scan the zip files is that the latest round
> of virii/trojans passwd protect the zip files and include the passwd in
> the text of the message.  Harder to automate the virus checking on that
> sort of thing.

Why not delete any zip which cannot be scanned, but pass the rest?

I always try to get local users to use the scratch volumes that I set
aside specifically for the purpose of file sharing.

I also generally try to create some anonymous ftp for outsiders to use.

However, it is like the genie is out of the bottle WRT email
attachments, and it is hard to get people to use other methods.

I've been in shops where people put source code and data files in Lotus
Notes.  They said this would ensure source and data integrity because it
was in a single place.

I suppose they didn't understand that Notes didn't actually *run* the
code and read the data, since that was on Sun servers...

> What bugs me is that people are STILL jumping through all the hoops to
> propagate these things.  I could almost accept the "open the message and
> it's too late" type infections, but when you have to open the message,
> click on the zip file, type in a password, THEN you're infected... never
> underestimate the power of human stupidity.

Have you ever seen a monkey who has been given a bottle with a treat in
it, one where the neck is too narrow for him to remove the treat, but
small enough for him to get his hand in?

Lusers are a lot like that...







-- 
shannon "AT" widomaker.com -- ["It's a damn poor mind that can only think
of one way to spell a word." -- Andrew Jackson]



More information about the rescue mailing list