Email with dangerous attachments

on 16.07.2007 15:11:52 by dasgorb

We currently reject Email with specific attachments which security deem
to be a security risk (.exe, .bat, .scr). I am researching alternatives
to rejecting the Email and am asking for opinions from the working
people.

I know we can just reject the message, receive the message and let
the anti-virus software handle it, receive the message with the
attachment stripped.

I am curious to hear what some admins are doing and why.

TIA

Re: Email with dangerous attachments

on 16.07.2007 18:30:47 by keeling

dasgorb :
> We currently reject Email with specific attachments which security
> deem to be a security risk (.exe, .bat, .scr). I am researching
> alternatives to rejecting the Email and am asking for opinions from
> the working people.
>
> I know we can just reject the message, receive the message and let
> the anti-virus software handle it, receive the message with the
> attachment stripped.
>
> I am curious to hear what some admins are doing and why.

Simple. Stop using Windows.

All other alternatives are simply bandaids which mask the problem but
cannot eliminate it. If you quarantine attachments, you're still
vulnerable to countless other ingress vectors. If you deny them,
they'll still walk in off the street. Even if you disable floppy
drives and lock down BIOS, and disable booting from CDs or USB, the
best AV software is only capable of catching 80% of malware, and it's
trivially easy to change one piece of malware to not match current AV
signatures.

Any org these days with Windows machines connected to the net is just
begging to join a botnet. Or worse.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.

Re: Email with dangerous attachments

on 16.07.2007 22:06:11 by Mike Hunter

On Mon, 16 Jul 2007 13:11:52 -0000, dasgorb wrote:
> We currently reject Email with specific attachments which security deem
> to be a security risk (.exe, .bat, .scr). I am researching alternatives
> to rejecting the Email and am asking for opinions from the working
> people.
>
> I know we can just reject the message, receive the message and let
> the anti-virus software handle it, receive the message with the
> attachment stripped.
>
> I am curious to hear what some admins are doing and why.

I heard about one University where they changed all email attachment
filenames to ".txt". If you were clever enough to figure out what the
attachment was supposed to be, you could change it back yourself, but it
would preempt unknowledgeable people from doing bad things. You could
implement something less exhaustive than this by changing file
extensions for all blatantly unsafe extensions....
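
Added example, not part of the original posts: a Python sketch of the three options listed in the question (reject, strip, rename), where "rename" appends ".txt" as in the university anecdote above. The function names, the sample message, and the choice to append rather than replace the extension are assumptions made for this illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the thread; a real deployment would carry a longer list.
BLOCKED = {".exe", ".bat", ".scr", ".pif"}

def is_blocked(filename):
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as a.exe.
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in BLOCKED

def filter_message(raw, action):
    """Apply 'reject', 'strip' or 'rename' to raw RFC 5322 bytes.
    Returns (verdict, bytes); bytes is empty when the message is rejected."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = [p for p in msg.walk()
            if not p.is_multipart() and is_blocked(p.get_filename() or "")]
    if not hits:
        return "accept", raw
    if action == "reject":
        return "reject", b""
    for part in hits:
        name = part.get_filename()
        if action == "strip":
            # Replace the payload with a notice so the recipient knows what was removed.
            part.set_content(f"Attachment {name!r} removed by mail policy.\n")
        else:
            # Keep the bytes, but neutralise both the filename and the MIME type.
            data = part.get_payload(decode=True)
            part.set_content(data, maintype="application",
                             subtype="octet-stream", filename=name + ".txt")
    return action, msg.as_bytes()

def attachment_names(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def sample_message():
    # Constructed test input, not a real message.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "invoice"
    m.set_content("See attached.\n")
    m.add_attachment(b"MZ-constructed-bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.SCR")
    m.add_attachment("hello\n", filename="notes.txt")
    return m.as_bytes()
```

Only the attachment's own filename is checked here; files inside archives are not inspected.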

Re: Email with dangerous attachments

on 17.07.2007 03:05:08 by DFS

s. keeling wrote:

>> I am curious to hear what some admins are doing and why.

> Simple. Stop using Windows.

Seconded!

> All other alternatives are simply bandaids which mask the problem but
> cannot eliminate it.

Absolutely.

Files are NOT inherently dangerous. It's just that some badly-designed
operating systems take them and do dangerous things with them.

Use a proper OS and proper application software, and you'll be much
further along the road to secure computing than if you encircle your
fragile-as-eggshells Windoze boxes with a cordon.

That being said: Although we do not use Windoze, we still discard any
e-mail bearing a .pif, .exe, etc. Although these files are not dangerous
to us, there's no point in filling our inboxes with MS viruses.

--
David.

Re: Email with dangerous attachments

on 17.07.2007 19:02:56 by jganz

"Mike Hunter" wrote in message
news:slrnf9njtj.5ni.mhunter@fortytwo.lusars.net...
> On Mon, 16 Jul 2007 13:11:52 -0000, dasgorb wrote:
>> We currently reject Email with specific attachments which security deem
>> to be a security risk (.exe, .bat, .scr). I am researching alternatives
>> to rejecting the Email and am asking for opinions from the working
>> people.
>>
>> I know we can just reject the message, receive the message and let
>> the anti-virus software handle it, receive the message with the
>> attachment stripped.
>>
>> I am curious to hear what some admins are doing and why.
>
> I heard about one University where they changed all email attachment
> filenames to ".txt". If you were clever enough to figure out what the
> attachment was supposed to be, you could change it back yourself, but it
> would preempt unknowledgeable people from doing bad things. You could
> implement something less exhaustive than this by changing file
> extensions for all blatantly unsafe extensions....


Microsoft tech support used to do this regularly when sending files to
customers. They would tell them to change the extension back to whatever was
appropriate after receipt. I don't know if they still do this.


--
"j" ganz @@
www.sailnow.com

Re: Email with dangerous attachments

on 17.07.2007 20:22:22 by Dave Uhring

On Tue, 17 Jul 2007 10:02:56 -0700, Capt. JG wrote:

> Microsoft tech support used to do this regularly when sending files to
> customers. They would tell them to change the extension back to whatever was
> appropriate after receipt. I don't know if they still do this.

Not an effective method at all. A few years ago a password protected .zip
file was used to encase a Microsfot virus. The rcpt had to use the
password to unzip the virus then execute it IIRC.