Security Basics mailing list archives
Re: Analyzing Suspicious Attachment
From: "Lee Hinman" <matthew.hinman () gmail com>
Date: Fri, 18 Jan 2008 13:17:42 -0700
If you have some kind of filtering software that can filter based on attachment binary inspection, you can filter based on the first 4 bytes of the file:

50 4B 03 04 @ offset 0

Which should be common in any .zip file, renamed or otherwise.

- Lee

On Jan 18, 2008 10:41 AM, Petter Bruland <pbruland () fcglv com> wrote:
> We rely almost 100% on using ZIP files when emailing documents/images etc, so I too would like to hear more about elimination of ZIP file.
>
> I do welcome any other solution, as far as it's not too much work for our lazy employees. :-) But I have to give most of my users credit for not opening attachments from unknown senders, or even unexpected attachments from known senders. Every now and then I get a call about a suspicious attachment, which they tell me I can find in their deleted items.
>
> At my last company everyone opened everything, even when they were told not to.
>
> Thanks everyone, for your contributions to all the various discussions on this list! I really enjoy all the good information!
>
> -Petter
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Josh Haft
> Sent: Friday, January 18, 2008 8:30 AM
> To: Richard Golodner
> Cc: security-basics () securityfocus com
> Subject: Re: Analyzing Suspicious Attachment
>
> On Jan 17, 2008 6:42 PM, Richard Golodner <rgolodner () infratection com> wrote:
>> Why do you allow .zip onto your network anyway? Danger Will Robinson.
>> Hope things this group has suggested have helped you sort it out Al.
>> most sincerely, Richard
>
> Richard,
> I agree that zip files can be dangerous, but I'm curious about other options. Please share your experiences in eliminating this type of file from your network.
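The signature check described in the reply above, as an added example that is not part of the original post: it decodes every MIME part of a message and compares the first four bytes with 50 4B 03 04, marking matches whose filename does not end in .zip. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Signature quoted in the post: ZIP local file header at offset 0.
ZIP_LOCAL_HEADER = bytes.fromhex("504B0304")


def zip_attachments(raw_message: bytes):
    """Return (filename, renamed) for each MIME part whose decoded content
    starts with the ZIP signature; renamed is True when the name lacks .zip.

    Caveats: ZIP-based containers (.docx, .xlsx, .jar) match as well, and an
    empty archive starts with 50 4B 05 06, so it does not match this test.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        # decode=True undoes base64/quoted-printable, so we inspect real bytes
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == ZIP_LOCAL_HEADER:
            name = part.get_filename() or "(unnamed)"
            hits.append((name, not name.lower().endswith(".zip")))
    return hits


def build_sample() -> bytes:
    """Constructed test message: one honest .zip, one zip renamed to .pdf,
    and one attachment that is not a zip at all."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    archive = buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attached")
    msg.add_attachment(archive, maintype="application", subtype="zip",
                       filename="docs.zip")
    msg.add_attachment(archive, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, renamed in zip_attachments(build_sample()):
        print(f"{name}: zip content{' (renamed)' if renamed else ''}")
```

The declared Content-Type and the filename are both sender-controlled, which is why the check reads the decoded bytes rather than trusting either.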