> Many are (obviously) flagging Word 2007 docs as compressed files but 
> treating them AV policy-wise as normal zips, lacking flexibility in 
> selective scanning of the files IN a compressed file. I'm curious if 
> Trend Micro, Symantec, McAfee etc. have addressed this yet. 
 
The last time I had to look at this issue, some major vendors already had
some capacity for selective scanning/blocking within .ZIPs etc. Not the
product that was wished on me at the time, unfortunately. My only option was
to block or not block them, irrespective of what they contained and whether
they were encrypted. A combination of stone-age filtering, clueless service
providers, and confused upper-echelon managers. 
 
> Blocking isn't an option for large enterprises that rely on Word 
> and other Office docs for functionality. 
 
Indeed. I'm getting a nasty case of déjà vu here, not to mention a familiar
buzzing in the bonnet. The real issue is that "normal" email isn't a
safe/suitable medium for file transfer: but that war was lost years ago...

--
David Harley BA CISSP
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
New botnet book: http://www.syngress.com/catalog/?pid=4270
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html
Articles: http://watersidesyndication.com/inbusiness/;
http://dharley.wordpress.com/


 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
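
The selective handling discussed in the thread above, sketched as an added example that is not part of the original posts or any vendor's product: a gateway-side check that tells a Word 2007 (OOXML) package from a generic ZIP and decides per member instead of per container. The verdict strings, the extension list and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs")  # assumed policy list

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def decide(data):
    """Return (container_kind, verdict) for one attachment's raw bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ("not-zip", "scan-as-file")
    with zf:
        infos = zf.infolist()
        names = [i.filename.lower() for i in infos]
        # OOXML (Word 2007+) packages carry a content-types manifest at the root.
        ooxml = "[content_types].xml" in names
        kind = "ooxml" if ooxml else "zip"
        # Bit 0 of the general-purpose flags marks an encrypted member.
        if any(i.flag_bits & 0x1 for i in infos):
            return (kind, "quarantine: encrypted member, cannot scan")
        # A VBA project part is what separates a macro-enabled document.
        if ooxml and any(n.endswith("vbaproject.bin") for n in names):
            return (kind, "quarantine: macro project present")
        if any(n.endswith(EXECUTABLE_EXT) for n in names):
            return (kind, "block: executable member")
        return (kind, "scan-members-and-deliver")

# Constructed samples: a plain document, a macro-enabled one, a ZIP with an .exe.
BASE = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}
DOCX = make_zip(BASE)
DOCM = make_zip({**BASE, "word/vbaProject.bin": b"\x00"})
ZIP_EXE = make_zip({"readme.txt": b"hi", "invoice.exe": b"MZ"})

if __name__ == "__main__":
    for label, blob in [("docx", DOCX), ("docm", DOCM), ("zip+exe", ZIP_EXE)]:
        print(label, decide(blob))
```
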
