Full Disclosure mailing list archives

RE: [inbox] Re: Re: E-Mail viruses

From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 5 Mar 2004 15:20:26 -0600 (CST)

On Fri, 5 Mar 2004, Curt Purdy wrote:

Valdis.Kletnieks wrote:

Ah, I wish...  An alternative is to allow only a

proprietary extension

through, like .inc  Legitimate senders would rename the

file, be it .exe

.doc .jpg, indicate in the body of the message what the

true extension is,

and the receiver merely renames it.

So let's see.. the same bozos who read the text part of the
virus, get the password, and
use that to unzip the rest of the virus won't read the text
part, get the rename to do,
and.....

Color me dubious....


Methinks you misunderstand.  Only the proprietary extension, i.e. .inc or
.xyz or .whatever, would be allowed through, and since virus writers would
never use this extension, it would eliminate ALL viruses at the gateway.
The nice thing about this approach is that it completely eliminates the need
for any anti-virus on the mail server since all virus attachments are
automatically dropped without the need for scanning.  Quite a simple, yet
elegant solution, if I do say so myself.


Elegant for the technically clued, yet, I think Mr. Kletnieks is saying,
and he will correct me if I'm off;

How does one train the non-technically uninclined to understand this when
they are the ones opening the virus/trjan infected password protected zip
files in the first place?  These folks, with all the sec training tossed
at them bi-yearly should already know better, and don't thus opening their
whole company to the problem in the first place.

Not to mention as I already stated your way sir in private, the techies
now have to spend time renaming these files for their users, or spending
endless hours telling the same folks the same process once or twice a week
<smile>.  Danged old doogs will not get it, won't jot it down and post it
to their cubicle wall for a resource, no matter how many milkbones you
toss at em..

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: E-Mail viruses Earl Keyser (Mar 04)
- Re: Re: E-Mail viruses Ron DuFresne (Mar 05)
  - RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
    - Re: [inbox] Re: Re: E-Mail viruses Valdis . Kletnieks (Mar 05)
    - RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
    - RE: [inbox] Re: Re: E-Mail viruses Ron DuFresne (Mar 05)
    - Re: Re: E-Mail viruses Cael Abal (Mar 05)
    - RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
    - Re: E-Mail viruses Cael Abal (Mar 05)
    - RE: [inbox] Re: Re: E-Mail viruses Chris DeVoney (Mar 05)
    - Re: E-Mail viruses starwars (Mar 05)
    - Re: Re: E-Mail viruses Nick FitzGerald (Mar 06)
    - Re: Re: E-Mail viruses Valdis . Kletnieks (Mar 08)
    - Re: Re: E-Mail viruses Nick FitzGerald (Mar 08)
    - RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 09)
    - Re: [inbox] Re: Re: E-Mail viruses gadgeteer (Mar 05)

(Thread continues...)