On the network I'm a member of we block all exe files sent inside the
rar or zip, so even if it is sent the file will be 0byted. Wouldn't
that be a better method? otherwise if you block all bz2, zip, rar,
etc... then you will block a lot of useful communication
-Kinnell
On Fri, 11 Mar 2005 16:49:16 -0500, adisegna_at_siscocorp.com
<adisegna_at_siscocorp.com> wrote:
> Sean, I have to disagree with you. Any file that that can encapsulate an
> executable file should be blocked (IMO). ZIP files are one of the
> biggest carriers of malicious content these days. I don't make it a
> habbit of trusting my users no matter how many times they get trained.
> RAR extraction tools are not part of the software image policy on my
> network so users are oblivious to the file blocking. What is your
> solution?
>
> Thanks
>
> AD
> Information Technology Group
> Security Identification Systems Corporation
>
> -----Original Message-----
> From: Sean Crawford [mailto:sean01_at_accnet.com.au]
> Sent: Tuesday, March 08, 2005 9:39 PM
> To: security-basics_at_securityfocus.com
> Subject: RE: 543.rar attachment
>
> ---> -----Original Message-----
> ---> From: adisegna_at_siscocorp.com [mailto:adisegna_at_siscocorp.com]
>
> ---> Subject: RE: 543.rar attachment
>
> ---> I just recently got the same executable inside .rar. I extracted
> the
> ---> dddd.exe and ran a scan on it. Norton Corporate 9.01 didn't find
> ---> anything (as of 4 days ago). I wasn't about to double click this
> exe on
> ---> my corporate network. Block the rar extension on your mail server.
> --->
>
> rar is a valid compression format...blocking it isn't a very good
> solution.
>
> 2 cents.
>
> Sean
>
>
Received on Mar 14 2005
Intro
