Re: blocking .ZIP attachments

[Gary Flynn <flynngn () JMU EDU>]

John C Borne wrote:

> I apologize if this topic has been discussed before, but I couldn't find
> any direct mention of this specific issue recently.
>
> We have a problem with viruses penetrating the campus "under the radar" so
> to speak. Before a new virus is detected and the anti-virus update is
> written, received, and distributed, we have a window of vulnerability. In
> the past we have lost a considerable amount of time repairing these
> outbreaks. The vector for many of these infections has been through
> attachments especially .ZIP's. At first we were intermittently blocking
> .zip and other attachments; going back and forth between blocking and
> accepting as each new virus appeared. We found that keeping the zip's
> blocked had a big impact on minimizing the impact of new virii.
>
> We've gotten to the point where we cringe at the thought of unblocking
> .zip's and would like to make it permanent. Before I propose this to the
> administration, I wanted to see if anyone could comment on whether they
> are, or are not, blocking zip's and other attachments and if not, what
> other solutions they have considered.

John,

Our experience mirrored yours. We blocked them intermittently as
circumstances dictated. Two rounds of MyDoom ago, we left them
unblocked and the results convinced us to leave them blocked.
They've now been blocked for several weeks and we have no plans
to unblock them. I have heard of no complaints yet.

That said, if our mail server software was intelligent enough
to look inside the zips and just block those with executable
attachments and those it can't examine we'd prefer to do that.
If you're running an open source mail gateway, I think there
are products able to do that.

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.