[should read]

It also burrows into the content, so if a file is embedded within another file 
mimesweeper will find it and check it e.g. unpacks the zip file finds the 
executable and deals with it as appropriate. This is the same for an object 
embedded in a word or excel file.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Cunningham
Sent: Wednesday, 27 September 2006 09:59
To: Exchange Discussions
Subject: RE: .bin files

Short answer:
Risk is minimal and you now have a business reason to accept .bin
.Bin is "normally" a format for CD/DVD images.
By default, in XP, there is no file association with .BIN . Your major risk, I 
would perceive is a file that comes in an extension that when the attachment is 
double clicked on, the file will run. If there is no association with an 
application, then your risk is limited (the user has to know what to do with 
the file manually to initiate any virus)

Long answer:

If with your current AV you can rename an extension to and you can bypass the 
AV gateway, your gateway is a POS  ... IMNSHO

NOTE: I am just a happy user of mimesweeper, and am not endorsing its 
particular use, just the type of functionality it has.

A lot of people confuse file extension with the type of file. Renaming a .bin 
to a .bit will fool a lot of the products out there, but not all.
Products like mimesweeper can block on file extension, but also file "makeup" 
e.g. if a .mp3 is renamed to .txt and sent through mimesweeper , mimesweeper 
will check the content of the file and if it looks like an MP3 file it will 
block it, no matter what the extension type.

It also burrows into the content, so if a file embedded within another file 
mimesweeper unpacks the zip file finds the executable and deals with it as 
appropriate. This is the same for an object embedded in a word or excel file.

If a mail message or attachment cannot be decoded, it is blocked and put in an 
undetermined folder for the admin to deal with manually

This type of functionality means we can accept zip files as it is just a 
container, if an item is encoded with PGP or password protected it is put in 
the undetermined.

Blocking file extensions based on extension name is sooo last century. Blocking 
based on content and extension is this century.


Cheers
Dean
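
The content-over-extension check described in the message above, as an added example that is not part of the original thread and is not MIMEsweeper's code. The signature list, the block policy, the nesting and size limits and all names are assumptions made for illustration.

```python
import io
import zipfile
import zlib

# Leading-byte signatures: a small constructed subset, not any product's rule set.
SIGNATURES = [
    (b"MZ", "executable"),                          # DOS/PE executable header
    (b"ID3", "mp3"),                                # MP3 carrying an ID3v2 tag
    (b"PK\x03\x04", "zip"),                         # ZIP local file header
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Word/Excel container
    (b"%PDF", "pdf"),
]
BLOCKED_TYPES = {"executable", "mp3"}   # assumed policy for this example
MAX_DEPTH = 3                           # assumed limit on nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024     # assumed cap against oversized members

def sniff(data):
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"

def inspect_attachment(name, data, depth=0):
    """Return (verdict, reason); verdict is 'block', 'undetermined' or 'allow'."""
    kind = sniff(data)                  # the file name plays no part in typing
    if kind in BLOCKED_TYPES:
        return "block", f"{name}: content is {kind}"
    if kind != "zip":
        return "allow", f"{name}: content is {kind}"
    if depth >= MAX_DEPTH:
        return "undetermined", f"{name}: nested too deeply"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            worst = ("allow", f"{name}: all members allowed")
            for member in archive.infolist():
                if member.flag_bits & 0x1:          # bit 0 marks an encrypted member
                    return "undetermined", f"{member.filename}: encrypted"
                if member.file_size > MAX_MEMBER_BYTES:
                    return "undetermined", f"{member.filename}: too large"
                verdict = inspect_attachment(member.filename, archive.read(member), depth + 1)
                if verdict[0] == "block":
                    return verdict
                if verdict[0] == "undetermined":
                    worst = verdict
            return worst
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, zlib.error) as exc:
        return "undetermined", f"{name}: cannot decode ({exc})"
```

A zip is treated purely as a container: the verdict comes from its members, and anything encrypted or undecodable lands in "undetermined" for manual review rather than being passed or dropped.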


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan Monaghan
Sent: Wednesday, 27 September 2006 06:25
To: Exchange Discussions
Subject: RE: .bin files

Nope, this is a standard for their product with their company line being that
since Microsoft is going to be doing it in Office 2007, that we along with
all other email systems will need to start letting in .bin files. One of the
reasons I am writing this to everyone here is to get a feeling for the
request. It goes against my better judgment, but I also know that if
Microsoft is really doing this, I will need to find a way to allow the
sharing of Word Documents, etc out of Office 2007 when it arrives. Being a
publishing company, I can block a lot of files, but when it comes to .PDFs
and .DOC type files, those have to be allowed thru with just a virus scan at
the front and relying on the virus scanner at the Exchange and user level in
the hopes we don't have another "I LOVE YOU" catch us with our pants down....



    Felis demulcta mitis ...
Alan G. Monaghan 
   [ MCSE+I - Win4.0/ MCSE - Win2k/ BJCP # C0389(Recognized)  ҿӬ ]
Systems Administrator 
Gardner Publications, Inc.

*Phone ...... 1-513-527-8867 
*Fax ........ 1-513-527-8801 
*Cell ....... 1-513-378-0919  
*E-mail ..... [EMAIL PROTECTED]
*URL ........ http://Bullwinkle.GardnerWeb.Com/



>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:bounce-
>> [EMAIL PROTECTED] On Behalf Of Tom Kern
>> Sent: Tuesday, September 26, 2006 2:16 PM
>> To: Exchange Discussions
>> Subject: Re: .bin files
>> 
>> is it too much for them to rename the file before they send it?
>> Since they are the vendor and you guys are the client, can't you
>> dictate stuff like that?
>> 
>> 
>> 
>> On 9/26/06, Alan Monaghan <[EMAIL PROTECTED]> wrote:
>> > Good day list.
>> > I just finished a discussion with a company called Mindjet
>> > (http://www.mindjet.com/).
>> >
>> > The discussion was regarding their sending .bin files within a
>> modified .zip
>> > file into us. Our environment is made up of a front line smtp server
>> with
>> > Antigen for SMTP on it. In there we obviously look for viruses and .exe
>> > files, etc. One of the file formats we currently block is .bin. This
>> decision
>> > goes back to before '98 when there was a published file type listing
>> that
>> > said basically there is no reason to accept .bin, .sys, .com, etc.
>> types of
>> > files. Now, while this, in itself will be a problem with this company,
>> the
>> > technician dropped another bomb on me and said that Office 2007 will be
>> using
>> > .bin files and compression to send documents, etc.
>> >
>> > He also mentioned more capabilities of scripting being done from within
>> these
>> > attachments. I won't go into my thoughts about the problems this
>> creates, but
>> > rather, what you all are doing in your own companies about this.
>> > Should I go ahead and remove the .bin files from being denied? Is the
>> > scanning / security stuff on XP and within the systems themselves good
>> enough
>> > I don't need to filter out files any more?
>> >
>> > Thanks.
>> >
>> >
>> >    Felis demulcta mitis ...
>> > Alan G. Monaghan
>> >   [ MCSE+I - Win4.0/ MCSE - Win2k/ BJCP # C0389(Recognized)  ҿӬ ]
>> > Systems Administrator
>> > Gardner Publications, Inc.
>> >
>> > *Phone ...... 1-513-527-8867
>> > *Fax ........ 1-513-527-8801
>> > *Cell ....... 1-513-378-0919
>> > *E-mail ..... [EMAIL PROTECTED]
>> > *URL ........ http://Bullwinkle.GardnerWeb.Com/
>> >
>> >
>> >
>> >
>> > _________________________________________________________________
>> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
>> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> > To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>> > To unsubscribe send a blank email to [EMAIL PROTECTED]
>> dl.sparklist.com
>> > Exchange List admin:    [EMAIL PROTECTED]
>> > To unsubscribe via postal mail, please contact us at:
>> > Jupitermedia Corp.
>> > Attn: Discussion List Management
>> > 475 Park Avenue South
>> > New York, NY 10016
>> >
>> > Please include the email address which you have been contacted with.
>> >
>> >
>> 

**********************************************************************
                         Have you clicked on yet?
                              www.nrc.govt.nz
**********************************************************************
NORTHLAND REGIONAL COUNCIL

This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they   
are addressed. If you have received this email in error please notify 
[EMAIL PROTECTED]
**********************************************************************
