Security Incidents mailing list archives

RES: Novarg


From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Wed, 28 Jan 2004 13:58:13 -0300

I would like to point out that there are products that check inside
compressed files, like zip.

I have lots of customers that use email gateway AV systems, and
configuring them to reject .scr, .pif, .exe, .com (etc etc) by default
proved to be the way to go. Notably, the Symantec AV for SMTP Gateways
is able to do that, I'm not sure about other products.

Unfortunately, those emails rejected due to a file extension will not
get scanned, and will be simply dropped. This gives us some false
statistics about viruses, since the engine won't be aware of them.
Frankly, I'm not that worried about it, since they get caught.

Romulo M. Cholewa
Home : http://www.rmc.eti.br
PGP Keys Available @ website.
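
The extension-based rejection described in the message above, including the look inside .zip attachments, as an added example (not part of the original post and not how Symantec's or any other product is implemented). The function names, the sample messages and the choice to reject unreadable archives are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions named in the message above; extend to match local policy.
BLOCKED = {".scr", ".pif", ".exe", ".com"}

def blocked_name(name):
    """True when a file name ends in a blocked extension."""
    name = name.lower().rstrip(". ")  # trailing dots/spaces are ignored by Windows
    return any(name.endswith(ext) for ext in BLOCKED)

def verdict(raw):
    """Return (action, reasons) for a raw message; reasons are meant for logging,
    so rejected mail still shows up in statistics even though it is never scanned."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename()
        if not fname:
            continue
        if blocked_name(fname):
            reasons.append(f"attachment {fname}")
        elif fname.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    # Only member names are checked; no content is extracted.
                    for member in zf.namelist():
                        if blocked_name(member):
                            reasons.append(f"{fname} contains {member}")
            except zipfile.BadZipFile:
                # Assumed policy: an archive that cannot be listed is rejected.
                reasons.append(f"{fname} is not a readable zip")
    return ("reject" if reasons else "accept", reasons)

def sample(fname, data):
    """Constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=fname)
    return msg.as_bytes()

def zip_of(member):
    """Constructed zip archive holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()
```
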




] -----Original Message-----
] From: sloppy seconds [mailto:beleguese () yahoo com] 
] Sent: Wednesday, January 28, 2004 01:32
] To: incidents () securityfocus com
] Subject: Novarg
] 
] 
] To all, 
] 
] Yes as many of you have noticed Novarg is spreading
] fast. I work for a large international corporation and
] we have seen extensive infiltration. However, this
] worm has not proved to be as "damaging" as some may
] claim. The scary part is that our investment in AV
] solutions (Trend, Symantec, et al...) has not
] protected us. We are now reconsidering our stance on
] allowing .ZIP files in Email. 
] 
] We engineered our own cleaning utility hours before
] our AV vendors even had signatures. Infecting lab
] clients and using diff tools...etc
] 
] From a network perspective we are watching for the
] supposed DOS against SCO. 
] 
] We have had the outbreak under control just a few
] hours after its inception. 
] 
] Anyone care to contribute their experience?
] 
] Thanks, 
] Beleguese
] 
] 


