Scott,
It seems that social engineering will be play a huge part in
future viruses (already seen it will passwords listed in body of
encrypted zips), what are your thoughts on the following:
I have recently saw a bounce message that contained the recent
Bagle.aq virus that contained the following words in the body.
"Due to the nature of the current virii, we are stripping Microsoft
.zipattachments. To send these, please rename the extension to .piz by
rightclicking and using rename file. Let the recipient know to change it
back to.zip and it should get past."
Is it possible to build in some parameter that allows for banning
all extensions, except some listing that is provided within the config
file? However, keeping the functionality of blocking file extensions
within compression files.
I know this is most likely a huge undertaking, however, if I look
back over my conversations with some of my users and them wanting to
send some much needed exe (or the like) file through inside a zip, and
my response is rename the extension to something other than .zip and
send it and let the end user know to alter it back. I can't help but
imagine the virus writers will social engineer something soon to do the
same.
Thanks for the time.
Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
