nanog mailing list archives
Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)
From: Valdis.Kletnieks () vt edu
Date: Sat, 15 Dec 2001 00:54:40 -0500
On Sat, 15 Dec 2001 03:11:29 GMT, Hermann Wecke <hermann () rodeios com> said:
isn't it easier to stick a procmail recipe into the NANOG mail system dropping double extension files and other highly dangerous extensions, such as .scr, .lnk, .com, .dll, .pif and others???
Well.. that's closer than trying to restrict it based on size.
It's still wrong though, because the filtering *should* be done based on
the MIME type. Of course, the whole *problem* here is that malware is
able to wave its little digital arms, hop up and down, and say:
"I'm a text/plain called whoops.exe - of course it's safe to run me,
who ever heard of a malicious text/plain?!"
Personally, I'd recommend a controlled burn, except that we've been having one
every 2 weeks already.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
Attachment:
_bin
Description:
Current thread:
- "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Simon Lyall (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) ... (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Valdis . Kletnieks (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) ben hubbard (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Steven J. Sobol (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) ben hubbard (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Scott Francis (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Hermann Wecke (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Valdis . Kletnieks (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) Valdis . Kletnieks (Dec 14)
- Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes) ... (Dec 14)