Educause Security Discussion mailing list archives

Re: blocking .ZIP attachments

From: "F.L.Ferreri" <f.ferreri () CSUOHIO EDU>
Date: Fri, 20 Aug 2004 09:24:07 -0400

Like others, we're blocking .zip files as well as *all* other executable
file types.  We don't look into the file, but allow/disallow the attachment
based on the file extension.

There was one professor who complained about not getting his .zips, but when
I explained the reasons and showed him other universities who were doing the
same thing, he accepted.  Since we exclude attachments based on file
extension, he can still get the files he wants from his colleagues if they
append '.csu' (for example) to the file's name.  The new file would look
like 'legitimate.zip.csu'.  The prof would then have to remove the '.csu'.

This has worked very, very well for us.  Virus infections are down to near
zero.

Fabian

- - - - - - - - - - - - - - - - - - - - - - -
F. L. Ferreri
Security Administrator
Cleveland State University
phone: 216.687-2160
fax: 216.687-9200

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John C Borne
Sent: Thursday, August 19, 2004 5:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] blocking .ZIP attachments

I apologize if this topic has been discussed before, but I couldn't find
any direct mention of this specific issue recently.

We have a problem with viruses penetrating the campus "under the radar" so
to speak. Before a new virus is detected and the anti-virus update is
written, received, and distributed, we have a window of vulnerability. In
the past we have lost a considerable amount of time repairing these
outbreaks. The vector for many of these infections has been through
attachments especially .ZIP's. At first we were intermittently blocking
.zip and other attachments; going back and forth between blocking and
accepting as each new virus appeared. We found that keeping the zip's
blocked had a big impact on minimizing the impact of new virii.

We've gotten to the point where we cringe at the thought of unblocking
.zip's and would like to make it permanent. Before I propose this to the
administration, I wanted to see if anyone could comment on whether they
are, or are not, blocking zip's and other attachments and if not, what
other solutions they have considered.

Thanks.

John Borne
Asst Dir for System Support
Computing Services
Louisiana State University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

blocking .ZIP attachments John C Borne (Aug 19)
- <Possible follow-ups>
- Re: blocking .ZIP attachments Jason Richardson (Aug 19)
- Re: blocking .ZIP attachments Smotherman, Brian (Aug 19)
- Re: blocking .ZIP attachments Gary Flynn (Aug 19)
- Re: blocking .ZIP attachments Dave Koontz (Aug 19)
- Re: blocking .ZIP attachments Tim Lane (Aug 19)
- Re: blocking .ZIP attachments John C Borne (Aug 19)
- Re: blocking .ZIP attachments Davis, Thomas R. (Aug 20)
- Re: blocking .ZIP attachments Theresa M Rowe (Aug 20)
- Re: blocking .ZIP attachments Jim Bollinger (Aug 20)
- Re: blocking .ZIP attachments F.L.Ferreri (Aug 20)
- Re: blocking .ZIP attachments Matthew Keller (Aug 20)
- Re: blocking .ZIP attachments Cal Frye (Aug 20)
- Re: blocking .ZIP attachments Jenny Gluck (Aug 20)
- Re: blocking .ZIP attachments Michael_Maloney (Aug 20)
- Re: blocking .ZIP attachments Jeffrey I. Schiller (Aug 20)
- Re: blocking .ZIP attachments Scott Barker (Aug 20)
- Re: blocking .ZIP attachments Lucas, Bryan (Aug 20)