Full Disclosure mailing list archives

Re: Re: E-Mail viruses
From: psz () maths usyd edu au (Paul Szabo)
Date: Sat, 6 Mar 2004 15:33:15 +1100 (EST)

Curt Purdy <purdy () tecman com> wrote:

> ... dropping all non-priority [not named .dps] attachments ...
> If anyone gets ugly who happens to know the priority extension,
> the AV gateway will get it anyway.

Will get it, maybe, as well as until now. Maybe, because some (broken) AV
refuse to look at "randomly named" (e.g. non-EXE) attachments. As well, or
as badly, as until now, because AV does not "get" malware not yet in its
database; it never gets the new viruses, only the "boring old" ones.

Your arrangement may offer some protection from the deluge of common
viruses (allowing bits of each message through, instead of dropping them
altogether: still annoying to your users). However, it does not increase
your security (in the sense that you are still vulnerable to directed
attacks). Since your arrangement protects against some attacks, and does
not decrease security, it may be useful in some environments.


Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
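
The attachment policy discussed in this message, sketched as an added example (not code from either poster or from any gateway product). It assumes the policy matches on the sender-supplied filename, case-insensitively; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

PRIORITY_EXT = ".dps"  # site-private extension named in the quoted message

def filter_attachments(raw, allowed_ext=PRIORITY_EXT):
    """Drop every attachment whose filename lacks allowed_ext.

    Returns (message, kept_names, dropped_names). The body text always
    passes through, and kept attachments still need the AV scan: this
    step filters on names only and inspects no content.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    kept, dropped = [], []
    _prune(msg, allowed_ext.lower(), kept, dropped)
    return msg, kept, dropped

def _prune(part, ext, kept, dropped):
    if not part.is_multipart():
        return
    survivors = []
    for child in part.get_payload():
        name = child.get_filename()
        if name is None:                    # body text or nested container
            _prune(child, ext, kept, dropped)
            survivors.append(child)
        elif name.lower().endswith(ext):    # priority attachment: hand to AV
            kept.append(name)
            survivors.append(child)
        else:                               # everything else is removed
            dropped.append(name)
    part.set_payload(survivors)

def build_sample():
    """Constructed test message: a text body plus three attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    for name in ("invoice.exe", "report.dps", "notes.TXT"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    msg, kept, dropped = filter_attachments(build_sample())
    print("kept for AV scan:", kept)
    print("dropped:", dropped)
```

The `kept` list is exactly what still reaches the AV gateway, so detection of anything carrying the priority extension is no better than the scanner's signature database.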
