On Wed, 14 Feb 2001, Noonan, Wesley wrote:
> > I block EVERY vbs attachment, regardless of its content. I have never
> > ever seen a valid reason for sending a vbs attachment. Can
> > anyone think
> > of one? The same goes for other dangerous extensions: .js,
> > .vbe. etc...
> >
>
> Sure.
>
> Hey Ray, can you send me that script you told me about that I can use to
> push out an updated DAT file to my clients who haven't been configured to
> download them from the server automatically. While you are at it, can you
> also send the one that will configure the automatic download so I don't need
> to mess with this in the future. Oh yeah, and send me the one that will push
> the extra.dat out so that when the next big bad evil worm comes out I can
> proactively push the update, instead of needing to wait for the users to
> logon or for the scheduled update period to timeout. Thanks.
Of course, but there are no magic scripts to do it. You have to go to each
machine and do it manually. And i hope you don't have 4,000+ machines on
your network like i do, cause it takes a while. (?!?!!??). On the other
hand, what the hell are you talking about? I thought it was implied, but
i meant block the attachment AT THE MAIL SERVER. The users never see it.
If you send me a message with a SomeVirus.vbs attachement, the mail server
catches it, and instead i get the message with a reject.txt attachment.
reject.txt simply says 'The mail server removed a potentially dangerous
file named SomeVirus.vbs. If you feel this is an error, contact the
postmaster.' No fancy scripts or .DAT files or client updates necessary.
> I agree, and this is actually a very good alternative IMHO. The only catch
> would be those Virus scanners that key on words, and might think the .txt
> file (for example) is a virus based solely on the contents of the
> attachment.
I don't think that's an issue. The same virus/worm sent as a .txt file is
nowhere NEAR as dangerous as when it's sent as a .vbs file. The main
problem is the Outlook users (mostly) who time and again click on vbs
attachments. If they can't learn, you'd think at least the mail
administrators around the world would learn. When you click a vbs script
with a .txt extenstion, it opens in notepad, and other than confusing
the already confused user, it hurts nothing.
later!
Ray
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Administrator Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
