RE: Novarg

[Jeremy Strachan <Jeremy.Strachan () ClemengerCommunications co nz>]

For what its worth - we use NAV for Exchange, and one of the options is to
block certain attachment types, in this case we block .exe attachments.

NAV looks inside .ZIP files, see's the .exe inside, and blocks (or deletes)
the entire attachment.

That means we aren't dependant on a virus signature being released to block
this worm (or new variants).


Jeremy
National IT Manager
Clemenger Communications Ltd
Microsoft MCSE, Novell CNE, Compaq ASE

-----Original Message-----
From: sloppy seconds [mailto:beleguese () yahoo com]
Sent: Wednesday, 28 January 2004 5:32 p.m.
To: incidents () securityfocus com
Subject: Novarg


To all, 

Yes as many of you have noticed Novarg is spreading
fast. I work for a large international corporation and
we have seen extensive infiltration. However, this
worm has not proved to be as "damaging" as some may
claim. The scary part is that our investment in AV
solutions (Trend, Symantec, et al...) has not
protected us. We are now reconsidering our stance on
allowing .ZIP files in Email. 

We engineered our own cleaning utility hours before
our AV vendors even had signatures. Infecting lab
clients and using diff tools...etc

> From a network perspective we are watching for the
supposed DOS against SCO. 

We have had the outbreak under control just a few
hours after it's inception. 

Anyone care to contribute their experience?

Thanks, 
Beleguese


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------