Educause Security Discussion mailing list archives
Re: Blocking of ZIPs at the mail gateway
From: Dewitt Latimer <dewitt () ND EDU>
Date: Tue, 27 Sep 2005 08:08:43 -0500
I'm surprised at the number of schools that just outright block. ND's strategy of (1) deleting only those attachments that scan true for problems and (2) renaming the list below to *.*_unknown to keep them from autoexecuting has worked flawlessly. Once the recipient has verified the authenticity and validity of the attachment, then performing a "Save as" to recover the file extension is a snap. We have a happy user community and seem to have effectively mitigated the risk from attachments. -d ------------------------------ Dewitt Latimer, Ph.D. Deputy CIO and Chief Technology Officer The University of Notre Dame dewitt () nd edu -----Original Message----- From: Daniel Medina [mailto:medina () COLUMBIA EDU] Sent: Tuesday, September 27, 2005 6:05 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Blocking of ZIPs at the mail gateway On Mon, Sep 26, 2005 at 06:20:07PM -0500, Jason Richardson wrote:
I don't want to start an online debate about the reasonableness of blocking ZIPs as a method of preventing viruses, but I am interested in knowing about other schools that have done so.
Ignoring the debate, from our documentation: Windows uses the three-letter extensions on files to determine the type of file. Many of the standard file types are executable files, meaning that Windows will automatically start running them as a program as soon as they are 'clicked' on. Following the suggestion in a Security Update from Microsoft , we have blocked the transmission of the following standard file extensions through our email system. ade adp app bas bat chm cmd com cpl crt csh dll exe fxp hlp hta ini ins isp js jse ksh lib lnk mda mdb mde mdt mdw msc msi msp mst ocx ops pcd pif prg rar reg scr sct shb shs sys vb vbe vbs wsc wsf wsh xsl zip Mail Filters http://www.columbia.edu/acis/email/delivery/filters/ -- Daniel Medina
Current thread:
- Blocking of ZIPs at the mail gateway Jason Richardson (Sep 26)
- <Possible follow-ups>
- Re: Blocking of ZIPs at the mail gateway Gary Dobbins (Sep 26)
- Re: Blocking of ZIPs at the mail gateway Cal Frye (Sep 26)
- Re: Blocking of ZIPs at the mail gateway Daniel Medina (Sep 27)
- Re: Blocking of ZIPs at the mail gateway Gary Flynn (Sep 27)
- Re: Blocking of ZIPs at the mail gateway Dewitt Latimer (Sep 27)
- Re: Blocking of ZIPs at the mail gateway Jason Richardson (Sep 27)