[SGVLUG] ack -- finally got "wormed" at work

Zack, James jzack at unex.ucla.edu
Wed Aug 17 09:19:12 PDT 2005


We outright block certain file types here.  .pif, .exe, .com, .bat, .msi
among a few others.  We also use three layers of antivirus with emails,
starting with a Barracuda spam firewall on the outside, then Trend Micro on
our email server itself, and finally Sophos antivirus at the file level in
case anything misses the other two.  We block outright those files with
generally malicious extensions (.exe, .com, etc.) at the spam firewall level.

We have not been hit with an email-borne virus since we implemented those
changes.
  
-JZ
-----Original Message-----
From: John Riehl [mailto:jcriehl at mail.jpl.nasa.gov] 
Sent: Wednesday, August 17, 2005 9:12 AM
To: SGVLUG Discussion List.
Subject: Re: [SGVLUG] ack -- finally got "wormed" at work

Tom Emerson wrote:
> 
> [ironically, yesterday I wanted someone to send me a group of files so 
> he used winzip to package them up for me, but when his message arrived 
> it was noted as "quarantined" because the attachment HAD A VIRUS.  
> When he (and I) scanned the file he created, it didn't turn anything 
> up -- a call into the
> 

I recently had a similar situation.  A summer hire (a prof at a Texas
university) tried to email his syllabus et al. (Word documents) to his
department before school started.  The AV filter at the u kicked it back, as
per heuristics.  i.e. it didn't match a particular signature, but something
made it suspicious.  It turns out the names he chose triggered the
heuristic filter.  He renamed the documents, and they went through.

There are many places that automatically filter based on attachment type.

jr
john riehl
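
An added example, not code from either poster or from any of the products named: a gateway-style check that walks a message's MIME parts and flags attachments whose final extension is on the block list given in the thread (.pif, .exe, .com, .bat, .msi). The sample message, its addresses and its filenames are constructed, and the function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the post; its "among a few others" is not filled in here.
BLOCKED = {".pif", ".exe", ".com", ".bat", ".msi"}

def final_extension(filename):
    """Return the lowercased last extension, ignoring trailing dots and
    spaces (Windows drops them, so 'a.exe.' is still treated as 'a.exe')."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_bytes):
    """Return the filename of every MIME part whose final extension is blocked."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits nested multiparts as well
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED:
            hits.append(filename)
    return hits

def build_sample():
    """Constructed sample: one Word document and one double-extension file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "files"
    msg.set_content("see attached")
    msg.add_attachment(b"text", maintype="application",
                       subtype="msword", filename="syllabus.doc")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

Matching on the last extension after case-folding is what catches names such as `Invoice.pdf.EXE`; a filter that compares the raw filename suffix case-sensitively, or looks only at the first extension, lets them through.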

