Educause Security Discussion mailing list archives
Re: Question re: inbound executable files
From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Thu, 18 Dec 2003 16:16:33 -0700
At Metropolitan State College of Denver, we do not block any file attachments but we do run the Sophos anti-virus scanner on our Email server. All Email (in or out) that passes through our mail server is scanned for viruses and Trojans. We do have to be very attentive to add supplemental signatures to Sophos (http://www.sophos.com/). We block outgoing tcp port 25 connections except for those that are created by our Email server.

--
Clyde Hoadley
Security & Disaster Recovery Coordinator
Division of Information Technology
Metropolitan State College of Denver
hoadleyc () mscd edu
http://clem.mscd.edu/~hoadleyc/
(303) 556-5074

Dewitt Latimer wrote:
At Notre Dame, we do not block or delete potentially harmful attachments, but we do rename them so they are rendered benign. The attachment is renamed to .xxx_unknown, where xxx is the original extension. (trojanhorse.exe becomes trojanhorse.exe_unknown) We then append to the original e-mail message body that the attachment was renamed, why it was renamed, and only to rename it back if they are 100% sure that the payload is harmless.

We rename the following extensions:

ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp hta hto inf ini ins isp jse* lib lnk mdb mde msc msi msp mst ocx pcd pif prg reg scr sct sh shb shs sys url vb vbe vbs vcs vxd wmd wms wmz wsc wsf wsh

-d

------------------------------
Dewitt Latimer, Ph.D.
Deputy CIO and Chief Technology Officer
The University of Notre Dame
dewitt () nd edu

----- Original Message -----
From: "Sadler, Connie" <Connie_Sadler () BROWN EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Thursday, December 18, 2003 5:26 PM
Subject: [SECURITY] Question re: inbound executable files

Is anyone blocking inbound executable files to help prevent viruses, etc.?

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1 CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
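The rename-and-annotate scheme Dewitt Latimer describes in the quoted message, sketched in Python as an added example (not code from the list or from any of the sites mentioned). The function names, the notice wording, the trailing-dot handling and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list as posted above; its "jse*" entry is matched as plain "jse" (assumption).
RENAME = set("""ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp
hta hto inf ini ins isp jse lib lnk mdb mde msc msi msp mst ocx pcd pif prg reg scr
sct sh shb shs sys url vb vbe vbs vcs vxd wmd wms wmz wsc wsf wsh""".split())

NOTICE = ("\n[Attachment {old} was renamed to {new} because files of this type can be "
          "harmful. Rename it back only if you are 100% sure it is harmless.]\n")

def renamed_name(filename):
    """Return '<name>_unknown' if the final extension is listed, else None."""
    base = filename.rstrip(". ")  # Windows ignores trailing dots and spaces
    ext = base.rpartition(".")[2].lower() if "." in base else ""
    return base + "_unknown" if ext in RENAME else None

def defang(raw):
    """Rename listed attachments in raw message bytes; return (message, [(old, new)])."""
    msg = message_from_bytes(raw, policy=policy.default)
    changes = []
    for part in msg.walk():
        old = part.get_filename()
        new = renamed_name(old) if old else None
        if new is None:
            continue
        # The name can sit in Content-Disposition (filename=) and Content-Type (name=).
        for param, header in (("filename", "Content-Disposition"),
                              ("name", "Content-Type")):
            if part.get_param(param, header=header) is not None:
                part.set_param(param, new, header=header)
        changes.append((old, new))
    body = msg.get_body(preferencelist=("plain",))
    if changes and body is not None:  # only a text/plain body is annotated here
        notes = "".join(NOTICE.format(old=o, new=n) for o, n in changes)
        body.set_content(body.get_content() + notes)
    return msg, changes

def sample():
    """Constructed message: one listed attachment and one unlisted attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "files"
    m.set_content("See attached.\n")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="Invoice.pdf.EXE")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="notes.pdf")
    return m.as_bytes()
```

Matching on the final extension, case-insensitively, is what catches double extensions such as `Invoice.pdf.EXE`; an already renamed `.exe_unknown` file is left alone, so running the filter twice changes nothing.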