Just want to quarantine messages with zipped attachments; how?

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Fri Jul 30 15:05:35 IST 2004


We delete any attachments whose filename extension appears in the 50+
"deny" entries in "filename.rules.conf".

We require senders of files normally caught by the above rules to either
rename the file or zip it up before attaching it to a message. 

This protects us from almost all dangerous payloads in viruses/worms
EXCEPT those payloads carried in zipped files in attachments. It is an
important backup to the protection offered by our two anti-virus
engines. It has saved us when McAfee and Sophos have been slow to react
to new viruses. 

We are finding that these blocks on "dangerous" attachment types are
being increasingly subverted by the social engineering used by
viruses/worms such as "MyDoom" that exploit zipped attachments.

We don't currently use the quarantine facility of MailScanner. Since we
are obliged to accept zipped files in attachments, we want in all cases
to start quarantining these messages and require users to make a
considered request for their release.

How can we quarantine just messages with zipped attachments?
  
Quentin 
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 
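
An added illustration, not part of the original post and not MailScanner code or configuration: a stand-alone Python check for the selection the question asks about, flagging a message for quarantine when any attachment is a zip archive by filename or by content. The function names and sample messages are constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a non-empty zip archive

def zipped_attachments(raw: bytes):
    """Return [(filename, [member names])] for each zip attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        # Check content as well as name: the extension alone does not define the type.
        if not (name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC)):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            members = []  # named .zip but unreadable: still treated as zipped
        found.append((name, members))
    return found

def should_quarantine(raw: bytes) -> bool:
    """Quarantine decision: true when the message carries any zipped attachment."""
    return bool(zipped_attachments(raw))

def make_zip(member: str, content: bytes = b"x") -> bytes:
    """Constructed sample archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, content)
    return buf.getvalue()

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed sample message with a single attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The member names returned alongside each archive can be compared with the same extension list used for unzipped attachments when a release request is reviewed.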
