mailing list archives
Re: Re: E-Mail viruses
From: "docco" <docco () zeelandnet nl>
Date: Sat, 6 Mar 2004 09:08:34 +0100
"The nice thing about this approach is that it completely
eliminates the need for any anti-virus on the mail server
since all virus attachments are automatically dropped
without the need for scanning [...]"
What Curt Purdy is saying looks to me like a great_pain_in_the_ass_solution.
In case the "supersecret" extension would get leaked or compromised, which I
beleive would be absolutely not hard to achieve (by means of social
engineering, sniffing or just brute force - combinations of three letters,
wow, that IS hard to guess) you should:
- Change your whole statregy. As the extension is been compromised you could
not trust ANY attatchment anymore from that moment on, loosing probably good
and valid attachments.
- Inform all users about the "supersecret" extension been compromised and
ask them to use the new "supersecret" extension.
Then, and I'm playing Devil's Advocate, suppose the new "supersecret"
extension gets again compromised in the time users are getting used to this
new second one, and that you, again, have to inform everybody to change once
more the way they send attachments ...
Well I'm guessing, but I'm almost sure some of your users would just quit
their jobs and go insane.
You Can't Judge a Book By Looking At The Cover
You Can't Judge a File By Looking At The Extension
Just my two cents.
PS.- I follow the list for a while with great interest and it's a good
learning experience. Thanx to everybody who participate.
Full-Disclosure - We believe in it.
Re: Re: E-Mail viruses Jorge Daza (Mar 08)
Re: E-Mail viruses Incident List Account (Mar 05)
Re: Re: E-Mail viruses Paul Szabo (Mar 06)
Re: Re: E-Mail viruses MacDougall, Shane (Mar 06)
RE: Re: E-Mail viruses Brad Griffin (Mar 07)
Re: Re: E-Mail viruses Aschwin Wesselius (Mar 09)