lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <007801c40309$666c0240$2d2ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: E-Mail viruses

Incident List Account wrote:
> Curt, be carefull not to strain your arm patting yourself on
> the back :) I actually really like your solution UNTIL the
> "completely eliminates the need for antivirus on the mail
> server" comment. If an outside party follows the procedure
> and remnames his file to file1.inc and sends it to your user,
> are you 100% confident in that outside party's attachement is
> not inadvetantly infected with a virus? I agree that only
> allowing a certain obscure extension through to your user
> eliminates the VAST majority of the problems. I would not
> however trust any file from a third party with out some sort of scan.

As a firm believer in "layered security" espoused by Bruce Schneir in which
five 80% effective layers achieve 99.8% effectiveness overall, I would never
suggest not having a mail AV server, as well as desktop AV.  The way I
developed this system was I began dropping .scr, .pif, .com, .cmd as easy
non-legitimate emails.  I then went to .exe when I got tired of the
occasional virus slipping through and told users they had to have senders
zip it prior to sending.  Now since Mydoom, I took the next logical step of
dropping everything.  Users find it just as easy to tell senders to rename
the file as to zip it.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke


Powered by blists - more mailing lists