Security Incidents mailing list archives
RES: Novarg
From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Wed, 28 Jan 2004 13:58:13 -0300
I would like to point out that there are products that check inside compressed files, like zip. I have lots of customers that use email gateway AV systems, and configuring them to reject .scr, .pif, .exe, .com (etc.) by default proved to be the way to go. Notably, the Symantec AV for SMTP Gateways is able to do that; I'm not sure about other products.

Unfortunately, those emails rejected due to a file extension will not get scanned, and will be simply dropped. This gives us some false statistics about viruses, since the engine won't be aware of them. Frankly, I'm not that worried about it, since they get caught.

Romulo M. Cholewa
Home : http://www.rmc.eti.br
PGP Keys Available @ website.

] -----Original Message-----
] From: sloppy seconds [mailto:beleguese () yahoo com]
] Sent: Wednesday, January 28, 2004 01:32
] To: incidents () securityfocus com
] Subject: Novarg
]
]
] To all,
]
] Yes as many of you have noticed Novarg is spreading
] fast. I work for a large international corporation and
] we have seen extensive infiltration. However, this
] worm has not proved to be as "damaging" as some may
] claim. The scary part is that our investment in AV
] solutions (Trend, Symantec, et al...) has not
] protected us. We are now reconsidering our stance on
] allowing .ZIP files in Email.
]
] We engineered our own cleaning utility hours before
] our AV vendors even had signatures. Infecting lab
] clients and using diff tools...etc
]
] From a network perspective we are watching for the
] supposed DOS against SCO.
]
] We have had the outbreak under control just a few
] hours after its inception.
]
] Anyone care to contribute their experience?
]
] Thanks,
] Beleguese
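The extension policy described in the reply above, including the look inside zip attachments, sketched as an added example; it is not part of the original message and does not represent how any named gateway product works. The function names and the sample message are hypothetical and constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the message above; a real policy would list more.
BLOCKED = {".scr", ".pif", ".exe", ".com"}

def blocked_name(name):
    """True if the file name ends in a blocked extension (case-insensitive)."""
    return name.lower().rstrip(". ").endswith(tuple(BLOCKED))

def find_blocked(raw_message):
    """Return (attachment, member) pairs that violate the extension policy.

    member is None when the attachment's own name is blocked; otherwise it
    is the offending file name inside a zip attachment.
    """
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if blocked_name(fname):
            hits.append((fname, None))
            continue
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # Only the archive's file listing is read; nothing is extracted.
                hits += [(fname, m) for m in zf.namelist() if blocked_name(m)]
    return hits

def build_sample(inner_name):
    """Constructed test message: a zip attachment holding one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for inner in ("document.txt.scr", "notes.txt"):
        hits = find_blocked(build_sample(inner))
        # Log every rejection so dropped mail still shows up in statistics.
        print(inner, "-> REJECT" if hits else "-> accept", hits)
```

Recording each hit before dropping the message addresses the statistics gap mentioned in the reply: the rejection is counted even though the AV engine never sees the file.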
Current thread:
- RES: Novarg Romulo M. Cholewa (Jan 28)