Security Incidents mailing list archives

Re: Novarg

From: "Steve Bremer" <steveb () nebcoinc com>
Date: Fri, 30 Jan 2004 08:20:45 -0600

Hi

We block all 'zip' attachments and have found it excellent way to

prevent new virus' from entering the network, prior to signatures files
being released. And that >also goes for, .pif, .scr, .exe etc.

We don't block zip files, but our scanner does extract the contents of
all zip files and compares each file contained within against our
attachment filtering policies.  If a single file is in violation, the
entire zip file is blocked.  Also, the extracted contents are all virus
scanned since some AV products have had troubles in the past with
scanning zips.

In reference to Jim's comment about password protected zips, we simply
block them in order to avoid this problem.

Any files blocked by our scanner due to the attachment policy or AV
scanner are placed in a quarantine for a short period of time so that we
can retrieve them if necessary.

Steve Bremer
NEBCO, Inc.
System & Security Administrator


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: Novarg, (continued)
- - - Re: Novarg Robin Sheat (Jan 30)
    - RE: Novarg steve bernacki (Jan 30)
    - Re: Novarg Skip Carter (Jan 30)
  - RE: Novarg Duston Sickler (Jan 29)
    - RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Robert Morales (Jan 28)
  - RE: Novarg Rickert Gerhard (rgerhard) (Jan 29)
- Re: Novarg Ivan Coric (Jan 29)
  - RE: Novarg Jeremy Hyland (Jan 30)
- RE: Novarg Ivan Coric (Jan 30)
- Re: Novarg Steve Bremer (Jan 30)