Educause Security Discussion mailing list archives
Re: Question re: inbound executable files
From: Dewitt Latimer <dewitt () ND EDU>
Date: Thu, 18 Dec 2003 17:58:11 -0500
At Notre Dame, we do not block or delete potentially harmful attachments, but we do rename them so they are rendered benign. The attachment is renamed to .xxx_unknown, where xxx is the original extension. (trojanhorse.exe becomes trojanhorse.exe_unknown) We then append to the original e-mail message body that the attachment was renamed, why it was renamed, and only to rename it back if they are 100% sure that the payload is harmless. We rename the following extensions: ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp hta hto inf ini ins isp jse* lib lnk mdb mde msc msi msp mst ocx pcd pif prg reg scr sct sh shb shs sys url vb vbe vbs vcs vxd wmd wms wmz wsc wsf wsh -d ------------------------------ Dewitt Latimer, Ph.D. Deputy CIO and Chief Technology Officer The University of Notre Dame dewitt () nd edu ----- Original Message ----- From: "Sadler, Connie" <Connie_Sadler () BROWN EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Thursday, December 18, 2003 5:26 PM Subject: [SECURITY] Question re: inbound executable files Is anyone blocking inbound executable files to help prevent viruses, etc.? Connie J. Sadler, CM, CISSP, CISM Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu PGP Fingerprint: 452A C178 1450 9CE1 3AC1 CC12 956F 2C55 DB94 A9C7 Office: 401-863-7266 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Question re: inbound executable files Sadler, Connie (Dec 18)
- <Possible follow-ups>
- Re: Question re: inbound executable files Brian Reilly (Dec 18)
- Re: Question re: inbound executable files Craig W. Drake (Dec 18)
- Re: Question re: inbound executable files Dewitt Latimer (Dec 18)
- Re: Question re: inbound executable files Christian Grewell (Dec 18)
- Re: Question re: inbound executable files Gary Flynn (Dec 18)
- Re: Question re: inbound executable files Clyde Hoadley (Dec 18)
- Question re: inbound executable files ROBERT MYLES (Dec 18)
- Re: Question re: inbound executable files Tim Lane (Dec 18)
- Re: Question re: inbound executable files Cal Frye (Dec 19)