Educause Security Discussion mailing list archives

Re: blocking .ZIP attachments


From: Tim Lane <tlane () SCU EDU AU>
Date: Fri, 20 Aug 2004 10:32:14 +1000

Hi,

At Southern Cross Uni we were blocking zips (and other file types); however,
due to the outcry from some academics we decided at the IT steering
committee to unblock them.  We do not intend to block/unblock in response
to each episode.  We have taken the position that if the staff and
academics want to be able to send zips etc, then we will rely on a
combination of our gateway detecting them (which obviously doesn't get them
all), and the client workstations having up to date AV software (not always
the case), and educating users about not clicking on attachments (not
always effective).

The education seems to be working basically OK; however, I believe it
remains to be seen whether we have to re-block these types of files
permanently.  Unfortunately we don't have workstation registration and
cannot currently enforce AV software and patching on every machine, so we
remain vulnerable at the request of academics and staff.

Regards,

Tim


At 04:53 PM 19/08/2004 -0500, you wrote:
I apologize if this topic has been discussed before, but I couldn't find
any direct mention of this specific issue recently.

We have a problem with viruses penetrating the campus "under the radar" so
to speak. Before a new virus is detected and the anti-virus update is
written, received, and distributed, we have a window of vulnerability. In
the past we have lost a considerable amount of time repairing these
outbreaks. The vector for many of these infections has been through
attachments especially .ZIP's. At first we were intermittently blocking
.zip and other attachments; going back and forth between blocking and
accepting as each new virus appeared. We found that keeping the zip's
blocked had a big impact on minimizing the impact of new virii.

We've gotten to the point where we cringe at the thought of unblocking
.zip's and would like to make it permanent. Before I propose this to the
administration, I wanted to see if anyone could comment on whether they
are, or are not, blocking zip's and other attachments and if not, what
other solutions they have considered.

Thanks.

John Borne
Asst Dir for System Support
Computing Services
Louisiana State University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3290
Fax: 61 2 6620 3033
Email: tlane () scu edu au
http://www.scu.edu.au
