Attachments

[Ken Goods]

Martin Hepworth wrote:
> Ken Goods wrote:
>>>> Colin Jack wrote:
>>>>> Hmmm ... it looks like MailScanner is refusing the attachments
>>>>> because the .zip file contains unacceptable files ... e.g. .exe
>>>>> and .chm 
>>>>> 
>>>>> This seems a little over the zealous. We usually suggest to
>>>>> clients mailing .exe files (install files for example) to .zip
>>>>> them up to get through filters!! 
>>>>> 
>>>>> What is the best way to deal with this? Can I tell MailScanner
>>>>> not to look inside .zip files 
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> Colin
>> 
>> Colin,
>> 
>> Just thought I'd add my 2 cents....
>> What I have done here is to instruct my users to rename any
>> executables to .txt then instruct their recipient to rename the
>> attachment back to .exe once they have received it. 
>> 
>> This does three things... first, it gets my (very technically
>> illiterate) users to be aware of file extensions to begin with and
>> to know what I'm talking about when I say this one or that one is
>> potentially dangerous. (it also helps them get used to renaming
>> files) Second, since the file has come from somebody they know (I
>> instruct them to pre-contact the recipient so they are expecting an
>> executable) and has instructions on how to make the file back into
>> an executable, it makes them more aware of the way viruses are
>> propagated via email and there is less chance that someone will
>> inadvertently open a virus (of course I run two virus scanners to
>> this is a slim chance anyway). And third, and I guess most
>> importantly, it gets the file through any filetype checking based on
>> the extension. (Outlook, OE... etc..) Besides, anti-virus software
>> will still catch viruses regardless of the file extension.  
>> 
>> One can argue that zipping them up is a better way to handle it but
>> in my experience with *my* users, I have found it's easier for them
>> to simply rename the file on both ends. This has been working very
>> well here for the last couple years... YMMV 
>> 
>> This was a solution I didn't see mentioned so I thought I'd throw it
>> into the mix. 
>> 
>> Kind regards,
>> Ken Goods
>> Network Administrator
>> AIA/CropUSA Insurance, Inc.
>> 
> 
> 
> for what it's worth I normally get at least 2 exe's diguised as
> something else that are blocked by MS BEFORE the AV companies updated
> their signature - last one was 6 weeks ago!
> 
> --

Martin,
You're absolutely correct... I should have started by saying that I'm in the
enviable position of being able to block about 20 countries (port 25) at the
firewall including China, most of southeast asia, and various other
countries that are known virus mills. To be honest I don't think we've had
any "real" viruses (besides phishing emails) hit the door in a few months.
If this changes and we start getting some in I'll no doubt have to make some
changes.

Good catch!

Kind regards, 

Ken Goods
Network Administrator
AIA/CropUSA Insurance, Inc.