On 03/14/2014 08:40 AM, Tony White wrote:
Hi folks,
Simscan can block attachments but I am wondering if we can be a
little better.
Many of the issues I see doing repairs for my clients comes from Windows
hiding
file extensions.
Is there anywhere in the QMT protocols that we can rename or add a
further extension
to dangerous file types?
/var/qmail/control/simcontrol
I'm a little surprised that .exe files aren't listed by default.
Should they be?
I'm not very fond of blocking file extensions. It's easy for users to
circumvent when they need to though (by simply renaming the file).
An example I saw the other day was message.wav tempting the client to
open the file
but in reality it was in fact a messaghe.wav.exe which in turn became
the RansomWare
package that ran and encrypted the client data files.
The idea that windows hides the file extensions is crazy and utilised
all to readily.
Can anyone suggest how we might protect our clients in the fashion please?
I would have expected clamav to catch this. Do you still have the
infected file, and can you run it through clamav to see if it detects now?
FWIW, it's always possible for a virus to get through though when it's
brand new. I saw this happen recently, when I tried to forward a
phishing attempt to sanesecurity, clamav wouldn't let me send it.
Although it received it earlier with no problem, freshclam had since
gotten the update.
Anyone else have any thoughts on this?
--
-Eric 'shubes'
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]