Message-ID: <007801c40309$666c0240$2d2ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: E-Mail viruses

Incident List Account wrote:
> Curt, be careful not to strain your arm patting yourself on
> the back :) I actually really like your solution UNTIL the
> "completely eliminates the need for antivirus on the mail
> server" comment. If an outside party follows the procedure
> and renames his file to file1.inc and sends it to your user,
> are you 100% confident that outside party's attachment is
> not inadvertently infected with a virus? I agree that only
> allowing a certain obscure extension through to your user
> eliminates the VAST majority of the problems. I would not
> however trust any file from a third party without some sort of scan.

As a firm believer in "layered security" espoused by Bruce Schneier in which five 80% effective layers achieve 99.8% effectiveness overall, I would never suggest not having a mail AV server, as well as desktop AV.

The way I developed this system was I began dropping .scr, .pif, .com, .cmd as easy non-legitimate emails. I then went to .exe when I got tired of the occasional virus slipping through and told users they had to have senders zip it prior to sending. Now since Mydoom, I took the next logical step of dropping everything. Users find it just as easy to tell senders to rename the file as to zip it.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke