Security Basics mailing list archives

RE: sobig.F


From: Watkins Capt Timothy J <WatkinsTJ () 4MCD USMC MIL>
Date: Wed, 27 Aug 2003 13:13:06 -0400

If you have Norton Exchange, you can make registry entries that will strip
emails with attachments named *.pif and *.scr  

We also strip others such as *.exe, *.bat etc...

There are many FAQs on how to set Norton up to do this.  

What type of email server do you have?  What type of virus protection do you
have on it?

The normal user shouldn't be getting files that contain these extensions!

Last week when SoBig was really sending out, we stripped over 20,000 emails!

Tim Watkins

-----Original Message-----
From: Shankara Narayanan [mailto:ssn () zeeaccess com]
Sent: Wednesday, August 27, 2003 12:41 AM
To: Security-Basics
Subject: sobig.F

Hi list,

Hearing scary news about next Sobig version... how to control it, any tips
would be appreciated.

Thanks in advance.

Shankar



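The extension-based stripping described in the reply above, as an added example that is not part of the original thread and not Norton's mechanism: a gateway-style filter written with Python's standard `email` package. The function names, the sample message and the addresses in it are constructed for illustration; the blocked extensions are the four named in the reply.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the thread (*.pif, *.scr, *.exe, *.bat); extend per site policy.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".bat"}

def is_blocked(filename):
    """True when the final extension is blocked. Case is ignored, as are the
    trailing dots and spaces that Windows drops when saving a file, so
    'movie.mpg.scr' and 'invoice.exe. ' are both caught."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS

def strip_blocked(raw_bytes):
    """Return (cleaned message bytes, list of stripped attachment names).
    Only parts inside a multipart container are removed; a message whose
    single body is itself a blocked file needs a reject rule instead."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    stripped = []
    for part in msg.walk():
        if not part.is_multipart():
            continue
        kept = []
        for child in part.get_payload():
            # get_filename() reads Content-Disposition, then Content-Type name
            name = child.get_filename()
            if name and is_blocked(name):
                stripped.append(name)
            else:
                kept.append(child)
        part.set_payload(kept)
    return msg.as_bytes(), stripped

def build_sample():
    """Constructed message: text body, one benign and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: Details"
    msg.set_content("See the attached file for details.")
    for name in ("notes.txt", "details.PIF", "movie.mpg.scr"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("stripped:", removed)
```

Matching on the attachment name alone does not inspect file content, so a renamed executable or one inside an archive passes this filter and still has to be caught by the scanner on the mail server.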

