My policy is to block zip files by size.  If you block all zips smaller than 
500k you'll stop all the viruses.  Allow zips larger than 500k and those will 
be the legit files.  Sounds sort of silly but it absolutely works.  Obviously I 
have scanners and such running too but that is my attachment policy.

Mark
-------------------------------------------------
Two rules for success in life:
1. Never tell people everything you know.


From: Mayo, Bill [mailto:[email protected]]
Sent: Tuesday, April 9, 2013 10:55 AM
To: NT System Admin Issues
Subject: RE: .ZIP file e-mail attachments

We mostly rely on our appliance (IronPort) to catch them, but we do have a 
special rule that quarantines any password-protected ZIP files (because the 
appliance can't inspect those).

From: David Lum [mailto:[email protected]]
Sent: Tuesday, April 09, 2013 10:51 AM
To: NT System Admin Issues
Subject: .ZIP file e-mail attachments

Do any of you guys still allow this? I ask because at %formerjob% they were 
blocked, but %dayjob% allows them, and last week and today we've received 
infected .ZIP files. Last week was another autorun outbreak, today we caught it 
before anyone actually ran it. We keep getting latest and greatest variants 
"First seen by VirusTotal 2013-04-09 09:51:15 UTC (4 hours, 58 minutes ago)".  
Grr...
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
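
The two rules described in this thread (quarantining password-protected ZIPs, and the 500k size cutoff) combined in one triage function, as an added example that is not any poster's actual configuration. The function names, the reading of "500k" as 500 KiB, the rule order and the handling of unparseable archives are assumptions; the sample archives are constructed in-line.

```python
import io
import zipfile

SIZE_THRESHOLD = 500 * 1024  # "500k" from the thread, read as 500 KiB (assumption)


def triage_zip(data: bytes, size_threshold: int = SIZE_THRESHOLD) -> str:
    """Return 'quarantine', 'block' or 'allow' for one ZIP attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted entry,
            # i.e. content a gateway scanner cannot inspect.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "quarantine"
    except zipfile.BadZipFile:
        # Assumption: an archive that cannot be parsed is treated like one
        # that cannot be inspected.
        return "quarantine"
    # Size rule as stated in the thread: small ZIPs are blocked outright.
    if len(data) < size_threshold:
        return "block"
    return "allow"


def make_zip(payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed one-entry ZIP; optionally set the encrypted flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.txt", payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags live at offset 6 of the local header (at byte 0 here) and
        # offset 8 of the central directory header; set bit 0 in both.
        raw[6] |= 0x01
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    samples = {
        "small plain": make_zip(b"A" * 1000),
        "large plain": make_zip(b"A" * (600 * 1024)),
        "large flagged encrypted": make_zip(b"A" * (600 * 1024), encrypted=True),
        "not a zip": b"not a zip",
    }
    for name, data in samples.items():
        print(f"{name:26s} {len(data):7d} bytes -> {triage_zip(data)}")
```
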


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
