mailing list archives
Re: Re: E-Mail viruses
From: psz () maths usyd edu au (Paul Szabo)
Date: Sat, 6 Mar 2004 15:33:15 +1100 (EST)
Curt Purdy <purdy () tecman com> wrote:
... dropping all non-priority [not named .dps] attachments ...
If anyone gets ugly who happens to know the priority extension,
the AV gateway will get it anyway.
Will get it, maybe, as well as until now. Maybe, because some (broken) AV
refuse to look at "randomly named" (e.g. non-EXE) attachments. As well, or
as badly, as until now, because AV does not "get" malware not yet in its
database; it never gets the new viruses, only the "boring old" ones.
Your arrangement may offer some protection from the deluge of common
viruses (allowing bits of each message through, instead of dropping them
altogether: still annoying to your users). However, it does not increase
your security (in the sense that you are still vulnerable to directed
attacks). Since your arrangement protects against some attacks, and does
not decrease security, it may be useful in some environments.
Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Full-Disclosure - We believe in it.
Re: Re: E-Mail viruses Jorge Daza (Mar 08)
Re: E-Mail viruses Incident List Account (Mar 05)
Re: Re: E-Mail viruses Paul Szabo (Mar 06)
Re: Re: E-Mail viruses MacDougall, Shane (Mar 06)
RE: Re: E-Mail viruses Brad Griffin (Mar 07)
Re: Re: E-Mail viruses Aschwin Wesselius (Mar 09)