Educause Security Discussion mailing list archives
Re: blocking .ZIP attachments
From: Jenny Gluck <Jsgluck () SYR EDU>
Date: Fri, 20 Aug 2004 12:50:03 -0400
We do not block attachments. We use Trend Micro's Interscan VirusWall engine on our SMTP mail router to handle viruses. VirusWall uncompresses and scans: PKZIP, ZIP TO EXE, ARJ, ARJ TO EXE, LHA, LHA TO EXE, BINHEX, UUENCODE, BASE64, TAR, GZIP(.GZ), LZEXE, PKLITE, DIET, MSCOMPRESS, CABINET(.CAB), UNIX LZW, COMPRESS(.Z), UNIX PACK(.Z) files. It isn't perfect, because when a new virus occurs we have to wait for the automated pattern update. - Jenny Jenny Sara Gluck Director, Network and Communication Services Syracuse University 201 Machinery Hall Syracuse, New York 13244 Voice: 315.443.5772 Email: jsgluck () syr edu
jcb () LSU EDU 8/19/2004 5:53:20 PM >>>
I apologize if this topic has been discussed before, but I couldn't find any direct mention of this specific issue recently. We have a problem with viruses penetrating the campus "under the radar" so to speak. Before a new virus is detected and the anti-virus update is written, received, and distributed, we have a window of vulnerability. In the past we have lost a considerable amount of time repairing these outbreaks. The vector for many of these infections has been through attachments especially .ZIP's. At first we were intermittently blocking .zip and other attachments; going back and forth between blocking and accepting as each new virus appeared. We found that keeping the zip's blocked had a big impact on minimizing the impact of new virii. We've gotten to the point where we cringe at the thought of unblocking .zip's and would like to make it permanent. Before I propose this to the administration, I wanted to see if anyone could comment on whether they are, or are not, blocking zip's and other attachments and if not, what other solutions they have considered. Thanks. John Borne Asst Dir for System Support Computing Services Louisiana State University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: blocking .ZIP attachments, (continued)
- Re: blocking .ZIP attachments Gary Flynn (Aug 19)
- Re: blocking .ZIP attachments Dave Koontz (Aug 19)
- Re: blocking .ZIP attachments Tim Lane (Aug 19)
- Re: blocking .ZIP attachments John C Borne (Aug 19)
- Re: blocking .ZIP attachments Davis, Thomas R. (Aug 20)
- Re: blocking .ZIP attachments Theresa M Rowe (Aug 20)
- Re: blocking .ZIP attachments Jim Bollinger (Aug 20)
- Re: blocking .ZIP attachments F.L.Ferreri (Aug 20)
- Re: blocking .ZIP attachments Matthew Keller (Aug 20)
- Re: blocking .ZIP attachments Cal Frye (Aug 20)
- Re: blocking .ZIP attachments Jenny Gluck (Aug 20)
- Re: blocking .ZIP attachments Michael_Maloney (Aug 20)
- Re: blocking .ZIP attachments Jeffrey I. Schiller (Aug 20)
- Re: blocking .ZIP attachments Scott Barker (Aug 20)
- Re: blocking .ZIP attachments Lucas, Bryan (Aug 20)