
RE: [inbox] [Full-Disclosure] Re: E-Mail viruses



Incident List Account wrote:
> Curt, be careful not to strain your arm patting yourself on
> the back :) I actually really like your solution UNTIL the
> "completely eliminates the need for antivirus on the mail
> server" comment. If an outside party follows the procedure
> and renames his file to file1.inc and sends it to your user,
> are you 100% confident that outside party's attachment is
> not inadvertently infected with a virus? I agree that only
> allowing a certain obscure extension through to your user
> eliminates the VAST majority of the problems. I would not
> however trust any file from a third party without some sort of scan.

As a firm believer in "layered security" espoused by Bruce Schneier in which
five 80% effective layers achieve 99.8% effectiveness overall, I would never
suggest not having a mail AV server, as well as desktop AV.  The way I
developed this system was I began dropping .scr, .pif, .com, .cmd as easy
non-legitimate emails.  I then went to .exe when I got tired of the
occasional virus slipping through and told users they had to have senders
zip it prior to sending.  Now since Mydoom, I took the next logical step of
dropping everything.  Users find it just as easy to tell senders to rename
the file as to zip it.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html