Thank you for the write up. I will be changing my settings on that particular
file type. While I don't hold with allow all file attachments in, I do think
your argument has a great deal of merit and I will be evaluating this on our
next Antigen upgrade cycle. :)
Thank you.
Felis demulcta mitis ...
Alan G. Monaghan
[ MCSE+I - Win4.0/ MCSE - Win2k/ BJCP # C0389(Recognized) Ò¿Ó¬ ]
Systems Administrator
Gardner Publications, Inc.
*Phone ...... 1-513-527-8867
*Fax ........ 1-513-527-8801
*Cell ....... 1-513-378-0919
*E-mail ..... [EMAIL PROTECTED]
*URL ........ http://Bullwinkle.GardnerWeb.Com/
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:bounce-
>> [EMAIL PROTECTED] On Behalf Of Dean Cunningham
>> Sent: Tuesday, September 26, 2006 6:07 PM
>> To: Exchange Discussions
>> Subject: RE: .bin files
>>
>>
>> [should read]
>>
>> It also burrows into the content, so if a file si embedded within another
>> file mimesweeper will find it and check it e.g. unpacks the zip file
>> finds the executable and deals with it as appropriate. This is the same
>> for an object imbeded in a word or excel file.
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:bounce-
>> [EMAIL PROTECTED] On Behalf Of Dean Cunningham
>> Sent: Wednesday, 27 September 2006 09:59
>> To: Exchange Discussions
>> Subject: RE: .bin files
>>
>> Short answer:
>> Risk is minimal and you now has a business reason to accept .bin
>> .Bin is "normally" a format for CD/DVD images.
>> By default, in XP, there is no file association with .BIN . Your major
>> risk, I would percieve is a file that comes in an extension that when the
>> attachment is double clicked on, the file will run. If there is no
>> association with an application, then your risk is limited (the user has
>> to know what to do with the file manually to initiate any virus)
>>
>> Long answer:
>>
>> If with your current AV you can rename and extension to and you can
>> bypass the AV gateway, your gateway is a POS ... IMNSHO
>>
>> NOTE: I am just a happy user of mimesweeper, and am not endorsing its
>> particular use, just the type of functionality it has.
>>
>> A lot of people confuse file extenstion with the type of file. Renaming
>> a .bin to a .bit will fool a lot of the products out there, but not all.
>> Products like mimesweeper can block on file extension, but also file
>> "makeup" e.g. if a .mp3 is renamed to .txt and sent through mimesweeper ,
>> mimesweeper will check the content of the file and if it looks like and
>> MP3 file it will block it, no mater what the extension type.
>>
>> It also burrows into the content, so if a file embedded within another
>> file mimesweeper unpacks the zip file finds the executable and deals with
>> it as appropriate. This is the same for an object imbeded in a word or
>> excel file.
>>
>> If a mail message or attachment cannot be decoded, it is blocked and put
>> in an undetermined folder for the admin to deal with manually
>>
>> This type of functioanllity means we can accept zip files as it is just a
>> container, if an item is encoded with PGP or password protected it is put
>> in the undetermined.
>>
>> Blocking file extensions based on extension name is sooo last century.
>> Blocking based on content and extension is this century.
>>
>>
>> Cheers
>> Dean
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:bounce-
>> [EMAIL PROTECTED] On Behalf Of Alan Monaghan
>> Sent: Wednesday, 27 September 2006 06:25
>> To: Exchange Discussions
>> Subject: RE: .bin files
>>
>> Nope, this is a standard for their product with their company line being
>> that
>> since Microsoft is going to be doing it in Office 2007, that we along
>> with
>> all other email systems will need to start letting in .bin files. One of
>> the
>> reasons I am writing this to everyone here is to get a feeling for the
>> request. It goes against my better judgment, but I also know that if
>> Microsoft is really doing this, I will need to find a way to allow the
>> sharing of Word Documents, etc out of Office 2007 when it arrives. Being
>> a
>> publishing company, I can block a lot of files, but when it comes
>> to .PDFs
>> and .DOC type files, those have to be allowed thru with just a virus scan
>> at
>> the front and relying on the virus scanner at the Exchange and user level
>> in
>> the hopes we don't have another "I LOVE YOU" catch us with our pants
>> down....
>>
>>
>>
>> Felis demulcta mitis ...
>> Alan G. Monaghan
>> [ MCSE+I - Win4.0/ MCSE - Win2k/ BJCP # C0389(Recognized) Ò¿Ó¬ ]
>> Systems Administrator
>> Gardner Publications, Inc.
>>
>> *Phone ...... 1-513-527-8867
>> *Fax ........ 1-513-527-8801
>> *Cell ....... 1-513-378-0919
>> *E-mail ..... [EMAIL PROTECTED]
>> *URL ........ http://Bullwinkle.GardnerWeb.Com/
>>
>>
>>
>> >> -----Original Message-----
>> >> From: [EMAIL PROTECTED] [mailto:bounce-
>> >> [EMAIL PROTECTED] On Behalf Of Tom Kern
>> >> Sent: Tuesday, September 26, 2006 2:16 PM
>> >> To: Exchange Discussions
>> >> Subject: Re: .bin files
>> >>
>> >> is it too much for them to rename the file before they send it?
>> >> Since they are the vendor and you guys are the client, can't you
>> >> dictate stuff like that?
>> >>
>> >>
>> >>
>> >> On 9/26/06, Alan Monaghan <[EMAIL PROTECTED]> wrote:
>> >> > Good day list.
>> >> > I just finished a discussion with a company called Mindjet
>> >> > (http://www.mindjet.com/).
>> >> >
>> >> > The discussion was regarding their sending .bin files within a
>> >> modified .zip
>> >> > file into us. Our environment is made up of a front line smtp server
>> >> with
>> >> > Antigen for SMTP on it. In there we obviously look for viruses
>> and .exe
>> >> > files, etc. One of the file formats we currently block is .bin. This
>> >> decision
>> >> > goes back to before '98 when there was a published file type listing
>> >> that
>> >> > said basically there is no reason to accept .bin, .sys, .com, etc.
>> >> types of
>> >> > files. Now, while this, in itself will be a problem with this
>> company,
>> >> the
>> >> > technician dropped another bomb on me and said that Office 2007 will
>> be
>> >> using
>> >> > .bin files and compression to send documents, etc.
>> >> >
>> >> > He also mentioned more capabilities of scripting being done from
>> within
>> >> these
>> >> > attachments. I won't go into my thoughts about the problems this
>> >> creates, but
>> >> > rather, what you all are doing in your own companies about this.
>> >> > Should I go ahead and remove the .bin files from being denied? Is
>> the
>> >> > scanning / security stuff on XP and within the systems themselves
>> good
>> >> enough
>> >> > I don't need to filer out files any more?
>> >> >
>> >> > Thanks.
>> >> >
>> >> >
>> >> > Felis demulcta mitis ...
>> >> > Alan G. Monaghan
>> >> > [ MCSE+I - Win4.0/ MCSE - Win2k/ BJCP # C0389(Recognized) ҿӬ ]
>> >> > Systems Administrator
>> >> > Gardner Publications, Inc.
>> >> >
>> >> > *Phone ...... 1-513-527-8867
>> >> > *Fax ........ 1-513-527-8801
>> >> > *Cell ....... 1-513-378-0919
>> >> > *E-mail ..... [EMAIL PROTECTED]
>> >> > *URL ........ http://Bullwinkle.GardnerWeb.Com/
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > _________________________________________________________________
>> >> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
>> >> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> >> > To subscribe: http://e-
>> newsletters.internet.com/discussionlists.html/
>> >> > To unsubscribe send a blank email to [EMAIL PROTECTED]
>> >> dl.sparklist.com
>> >> > Exchange List admin: [EMAIL PROTECTED]
>> >> > To unsubscribe via postal mail, please contact us at:
>> >> > Jupitermedia Corp.
>> >> > Attn: Discussion List Management
>> >> > 475 Park Avenue South
>> >> > New York, NY 10016
>> >> >
>> >> > Please include the email address which you have been contacted with.
>> >> >
>> >> >
>> >>
>> >> _________________________________________________________________
>> >> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
>> >> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> >> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>> >> To unsubscribe send a blank email to $subst('Email.UnSub')
>> >> Exchange List admin: [EMAIL PROTECTED]
>> >> To unsubscribe via postal mail, please contact us at:
>> >> Jupitermedia Corp.
>> >> Attn: Discussion List Management
>> >> 475 Park Avenue South
>> >> New York, NY 10016
>> >>
>> >> Please include the email address which you have been contacted with.
>>
>> _________________________________________________________________
>> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
>> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>> To unsubscribe send a blank email to $subst('Email.UnSub')
>> Exchange List admin: [EMAIL PROTECTED]
>> To unsubscribe via postal mail, please contact us at:
>> Jupitermedia Corp.
>> Attn: Discussion List Management
>> 475 Park Avenue South
>> New York, NY 10016
>>
>> Please include the email address which you have been contacted with.
>>
>> **********************************************************************
>> Have you clicked on yet?
>> www.nrc.govt.nz
>> **********************************************************************
>> NORTHLAND REGIONAL COUNCIL
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> [EMAIL PROTECTED]
>> **********************************************************************
>>
>> _________________________________________________________________
>> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
>> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>> To unsubscribe send a blank email to $subst('Email.UnSub')
>> Exchange List admin: [EMAIL PROTECTED]
>> To unsubscribe via postal mail, please contact us at:
>> Jupitermedia Corp.
>> Attn: Discussion List Management
>> 475 Park Avenue South
>> New York, NY 10016
>>
>> Please include the email address which you have been contacted with.
>>
>> **********************************************************************
>> Have you clicked on yet?
>> www.nrc.govt.nz
>> **********************************************************************
>> NORTHLAND REGIONAL COUNCIL
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> [EMAIL PROTECTED]
>> **********************************************************************
>>
>> _________________________________________________________________
>> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
>> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
>> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
>> To unsubscribe send a blank email to $subst('Email.UnSub')
>> Exchange List admin: [EMAIL PROTECTED]
>> To unsubscribe via postal mail, please contact us at:
>> Jupitermedia Corp.
>> Attn: Discussion List Management
>> 475 Park Avenue South
>> New York, NY 10016
>>
>> Please include the email address which you have been contacted with.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to $subst('Email.UnSub')
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
