Re: Question re: inbound executable files

[Gary Flynn <flynngn () JMU EDU>]

Sadler, Connie wrote:

> Is anyone blocking inbound executable files to help prevent viruses,
> etc.?

If you mean email attachments, we're blocking quite a few.

There was some resistance to .exe a year or so ago but I
collected statistics that showed only a few percent of
exe attachments weren't viruses. After that, dropping them
was readily accepted once we could notify the recipient
that we did so. Recipients of messages whose attachments
are dropped get the message preceeded by:

"The JMU E-mail system removed a high risk attachment from this message.
 The name of the file(s) removed was "%F" .

 If you wish to receive this file, ask the sender to rename it with a
 different extension before sending it to you. For example, ask them
 to rename "file.exe" to "file.jmu". When you receive the file, restore
 the original name. A list of high risk attachments blocked by the JMU
 E-mail system can be viewed at:
 http://secureweb.jmu.edu/computing/security/existing.shtml

(that link requires a login)

Its been in effect since last summer with zero complaints (that I've
heard) and only a few problems. Other executable types have been
blocked for years.

.zip is heading into the radar.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.