Educause Security Discussion mailing list archives

Re: Question re: inbound executable files

From: Christian Grewell <christian () NYU EDU>
Date: Thu, 18 Dec 2003 19:02:14 -0400

.zip would no doubt have quite a few negative impacts on the other hand :)

Though with the addition of .zip file association in XP I can see this becoming another avenue for virii and the like - 
it would still require an extra 'click' by the user though.
-----Original Message-----
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 18 Dec 2003 18:03:43
To:SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Question re: inbound executable files

Sadler, Connie wrote:

Is anyone blocking inbound executable files to help prevent viruses,
etc.?

If you mean email attachments, we're blocking quite a few.

There was some resistance to .exe a year or so ago but I
collected statistics that showed only a few percent of
exe attachments weren't viruses. After that, dropping them
was readily accepted once we could notify the recipient
that we did so. Recipients of messages whose attachments
are dropped get the message preceeded by:

"The JMU E-mail system removed a high risk attachment from this message.
The name of the file(s) removed was "%F" .

If you wish to receive this file, ask the sender to rename it with a
different extension before sending it to you. For example, ask them
to rename "file.exe" to "file.jmu". When you receive the file, restore
the original name. A list of high risk attachments blocked by the JMU
E-mail system can be viewed at:
http://secureweb.jmu.edu/computing/security/existing.shtml

(that link requires a login)

Its been in effect since last summer with zero complaints (that I've
heard) and only a few problems. Other executable types have been
blocked for years.

.zip is heading into the radar.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

---------
Christian Grewell

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

Current thread:

Question re: inbound executable files Sadler, Connie (Dec 18)
- <Possible follow-ups>
- Re: Question re: inbound executable files Brian Reilly (Dec 18)
- Re: Question re: inbound executable files Craig W. Drake (Dec 18)
- Re: Question re: inbound executable files Dewitt Latimer (Dec 18)
- Re: Question re: inbound executable files Christian Grewell (Dec 18)
- Re: Question re: inbound executable files Gary Flynn (Dec 18)
- Re: Question re: inbound executable files Clyde Hoadley (Dec 18)
- Question re: inbound executable files ROBERT MYLES (Dec 18)
- Re: Question re: inbound executable files Tim Lane (Dec 18)
- Re: Question re: inbound executable files Cal Frye (Dec 19)