Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Security Basics: RE: 543.rar attachment

RE: 543.rar attachment

From: <adisegna_at_siscocorp.com>
Date: Fri, 11 Mar 2005 16:49:16 -0500

Sean, I have to disagree with you. Any file that that can encapsulate an
executable file should be blocked (IMO). ZIP files are one of the
biggest carriers of malicious content these days. I don't make it a
habbit of trusting my users no matter how many times they get trained.
RAR extraction tools are not part of the software image policy on my
network so users are oblivious to the file blocking. What is your
solution?

Thanks

 
AD
Information Technology Group
Security Identification Systems Corporation
 

-----Original Message-----
From: Sean Crawford [mailto:sean01_at_accnet.com.au]
Sent: Tuesday, March 08, 2005 9:39 PM
To: security-basics_at_securityfocus.com
Subject: RE: 543.rar attachment

---> -----Original Message-----
---> From: adisegna_at_siscocorp.com [mailto:adisegna_at_siscocorp.com]

---> Subject: RE: 543.rar attachment

---> I just recently got the same executable inside .rar. I extracted
the
---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find
---> anything (as of 4 days ago). I wasn't about to double click this
exe on
---> my corporate network. Block the rar extension on your mail server.
--->

rar is a valid compression format...blocking it isn't a very good
solution.

2 cents.

Sean
Received on Mar 11 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]