Re: Bagle.j out

[Cal Frye <cjf () CALFRYE COM>]

At Oberlin, we've been stripping .zip attachments all month. I won't go
into lengthy details on philosophy, that's been done. I also wouldn't
get too detailed in identifying which .zip attachments to block --
you'll be changing this all the time. We considered removing the block a
day or so ago, but then activity increased again with this new variant.
The number of false positives is really rather small. I might sing a
different song with the next round of infected .doc attachments ;-)

 We're trying to use this as a user-education opportunity: rename .zip
files to something non-executable, personalize your messages so the
recipient can identify the sender, and importantly, no one in CIT will
send impersonal email to all users containing ANY sort of attachment. We
will direct users to our own web pages, and as much as is prudent, email
will be signed by a person identifiable in the campus directory as
authoritative.

Jason Richardson wrote:
> Question: has anyone resorted to dropping ZIPs and/or other attachments
> at your gateways until/unless this storm passes?  I mentioned in a
> meeting that I would be proposing it to my management and received the
> predictable reaction, i.e., "you can't block ZIPs, we won't be able to
> do business."  Of course I was not deterred but I also haven't been
> given clearance to block the attachments.

--
--Cal Frye, Network Administrator, Oberlin College
 www.ouuf.org, www.calfrye.com

  "Laughter is the sound that knowledge makes when it's born." -- The
Cluetrain Manifesto

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.