Security Incidents mailing list archives
Re: Novarg
From: "Steve Bremer" <steveb () nebcoinc com>
Date: Fri, 30 Jan 2004 08:20:45 -0600
Hi
We block all 'zip' attachments and have found it excellent way to
prevent new virus' from entering the network, prior to signatures files being released. And that >also goes for, .pif, .scr, .exe etc. We don't block zip files, but our scanner does extract the contents of all zip files and compares each file contained within against our attachment filtering policies. If a single file is in violation, the entire zip file is blocked. Also, the extracted contents are all virus scanned since some AV products have had troubles in the past with scanning zips. In reference to Jim's comment about password protected zips, we simply block them in order to avoid this problem. Any files blocked by our scanner due to the attachment policy or AV scanner are placed in a quarantine for a short period of time so that we can retrieve them if necessary. Steve Bremer NEBCO, Inc. System & Security Administrator --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Novarg, (continued)
- Re: Novarg Robin Sheat (Jan 30)
- RE: Novarg steve bernacki (Jan 30)
- Re: Novarg Skip Carter (Jan 30)
- RE: Novarg Duston Sickler (Jan 29)
- RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Robert Morales (Jan 28)
- RE: Novarg Rickert Gerhard (rgerhard) (Jan 29)
- Re: Novarg Ivan Coric (Jan 29)
- RE: Novarg Jeremy Hyland (Jan 30)
- RE: Novarg Ivan Coric (Jan 30)
- Re: Novarg Steve Bremer (Jan 30)