Security Basics mailing list archives
RE: 543.rar attachment
From: <adisegna () siscocorp com>
Date: Mon, 14 Mar 2005 13:51:29 -0500
When Symantec Corp. integrates with Active Directory to allow file attachments by user/group then maybe. For now I only have the choice to allow of block everything. I can't trust some of the non technical users in my organization (marketing, accounting, etc). They ask "what is this" and forward information to the admin every time they get something the don't recognize. This is after being trained numerous times. They are easy prey to socially engineered email. Thanks AD Information Technology Group -----Original Message----- From: Kinnell [mailto:kinnell.t () gmail com] Sent: Monday, March 14, 2005 10:13 AM To: security-basics () securityfocus com Subject: Re: 543.rar attachment On the network I'm a member of we block all exe files sent inside the rar or zip, so even if it is sent the file will be 0byted. Wouldn't that be a better method? otherwise if you block all bz2, zip, rar, etc... then you will block a lot of useful communication -Kinnell On Fri, 11 Mar 2005 16:49:16 -0500, adisegna () siscocorp com <adisegna () siscocorp com> wrote:
Sean, I have to disagree with you. Any file that that can encapsulate
an
executable file should be blocked (IMO). ZIP files are one of the biggest carriers of malicious content these days. I don't make it a habbit of trusting my users no matter how many times they get trained. RAR extraction tools are not part of the software image policy on my network so users are oblivious to the file blocking. What is your solution? Thanks AD Information Technology Group Security Identification Systems Corporation -----Original Message----- From: Sean Crawford [mailto:sean01 () accnet com au] Sent: Tuesday, March 08, 2005 9:39 PM To: security-basics () securityfocus com Subject: RE: 543.rar attachment ---> -----Original Message----- ---> From: adisegna () siscocorp com [mailto:adisegna () siscocorp com] ---> Subject: RE: 543.rar attachment ---> I just recently got the same executable inside .rar. I extracted the ---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find ---> anything (as of 4 days ago). I wasn't about to double click this exe on ---> my corporate network. Block the rar extension on your mail
server.
---> rar is a valid compression format...blocking it isn't a very good solution. 2 cents. Sean
Current thread:
- Re: 543.rar attachment, (continued)
- Message not available
- Re: 543.rar attachment Kinnell (Mar 07)
- Message not available
- Re: 543.rar attachment Thierry Zoller (Mar 07)
- Re: 543.rar attachment Andrew Pretzl (Mar 07)
- RE: 543.rar attachment Andrew Shore (Mar 07)
- RE: 543.rar attachment adisegna (Mar 08)
- RE: 543.rar attachment Sean Crawford (Mar 09)
- RE: 543.rar attachment adisegna (Mar 11)
- Re: 543.rar attachment Kinnell (Mar 14)
- Re: 543.rar attachment Steven DeFord (Mar 14)
- Re: 543.rar attachment Kinnell (Mar 14)
- Re: 543.rar attachment Jonathan Loh (Mar 14)
- RE: 543.rar attachment adisegna (Mar 14)
- Re: 543.rar attachment David J ONEILL (Mar 15)
- RE: 543.rar attachment Sean Crawford (Mar 16)
- Re: 543.rar attachment Jonathan Loh (Mar 15)
- Re: 543.rar attachment Kinnell (Mar 15)
- Re: 543.rar attachment Jonathan Loh (Mar 15)
- Re: 543.rar attachment SAMIR SHUKRI (Mar 16)
- Re: 543.rar attachment Kinnell (Mar 15)
- Re: 543.rar attachment Micro Kluge (Mar 16)