Educause Security Discussion mailing list archives

Re: Blocking of ZIPs at the mail gateway


From: Dewitt Latimer <dewitt () ND EDU>
Date: Tue, 27 Sep 2005 08:08:43 -0500

I'm surprised at the number of schools that just outright block.

ND's strategy of (1) deleting only those attachments that scan true for
problems and (2) renaming the list below to *.*_unknown to keep them from
autoexecuting has worked flawlessly.  Once the recipient has verified the
authenticity and validity of the attachment, then performing a "Save as" to
recover the file extension is a snap.

We have a happy user community and seem to have effectively mitigated the
risk from attachments.

-d

------------------------------
Dewitt Latimer, Ph.D.
Deputy CIO and Chief Technology Officer
The University of Notre Dame
dewitt () nd edu

-----Original Message-----
From: Daniel Medina [mailto:medina () COLUMBIA EDU]
Sent: Tuesday, September 27, 2005 6:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking of ZIPs at the mail gateway

On Mon, Sep 26, 2005 at 06:20:07PM -0500, Jason Richardson wrote:
> I don't want to start an online debate about the reasonableness of
> blocking ZIPs as a method of preventing viruses, but I am interested in
> knowing about other schools that have done so.

 Ignoring the debate, from our documentation:

Windows uses the three-letter extensions on files to determine the type
of file. Many of the standard file types are executable files, meaning
that Windows will automatically start running them as a program as soon
as they are 'clicked' on. Following the suggestion in a Security Update
from Microsoft, we have blocked the transmission of the following
standard file extensions through our email system.

ade adp app bas bat chm cmd com cpl crt csh dll exe fxp hlp hta ini ins
isp js jse ksh lib lnk mda mdb mde mdt mdw msc msi msp mst ocx ops pcd
pif prg rar reg scr sct shb shs sys vb vbe vbs wsc wsf wsh xsl zip


    Mail Filters
    http://www.columbia.edu/acis/email/delivery/filters/

--
Daniel Medina
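
The renaming step described in the first message (appending _unknown to attachments whose extension is on the quoted list), as an added example that is not part of the original thread and is not either school's gateway code. It uses Python's standard email package; the function names and the sample message are assumptions made for illustration, and the malware-scanning step is not shown.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the documentation quoted in the thread above.
RENAME_EXTS = frozenset("""
ade adp app bas bat chm cmd com cpl crt csh dll exe fxp hlp hta ini ins
isp js jse ksh lib lnk mda mdb mde mdt mdw msc msi msp mst ocx ops pcd
pif prg rar reg scr sct shb shs sys vb vbe vbs wsc wsf wsh xsl zip
""".split())
SUFFIX = "_unknown"  # file.exe -> file.exe_unknown

def rename_risky_attachments(raw: bytes):
    """Return (rewritten message bytes, [(old_name, new_name), ...])."""
    msg = message_from_bytes(raw, policy=policy.default)
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces on save, so "a.exe." is "a.exe".
        clean = name.rstrip(". ")
        _, dot, ext = clean.rpartition(".")
        if not dot or ext.lower() not in RENAME_EXTS:
            continue
        new = clean + SUFFIX
        # Rewrite both places a mail client may take the file name from.
        if part.get_param("filename", header="Content-Disposition") is not None:
            part.set_param("filename", new, header="Content-Disposition", replace=True)
        if part.get_param("name") is not None:
            part.set_param("name", new, replace=True)
        renamed.append((name, new))
    return msg.as_bytes(), renamed

def build_sample() -> bytes:
    """Constructed test message; addresses, names and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.edu", "b@example.edu", "files"
    m.set_content("See attached.")
    for fn in ("invoice.pdf.EXE", "notes.txt", "photo.scr.", "README"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    out, changes = rename_risky_attachments(build_sample())
    for old, new in changes:
        print(f"{old!r} -> {new!r}")
```

The check looks only at the last extension of the declared file name, so a double extension such as .pdf.EXE is caught, but the contents of an archive that passes through are not inspected.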
