[Mimedefang] .com viruses (was Re: NAI virusscan updates)
David F. Skoll
dfs at roaringpenguin.com
Tue Jan 29 10:09:35 EST 2002

On Tue, 29 Jan 2002, Karel.DeBruyne wrote:
> > You should be blocking .com attachments. A few of my clients' setups
> > have already blocked this virus without using any virus scanners.
> I am doing this with vbs, shs, vxd and pif but bat, com and exe are too
> often used (you know these stupid jokes sent around), and I'd get a lot of
> angry phone calls...

Well, then, your superiors don't understand the first principles of
security. :-) Allowing .exe and .com is an invitation to have
your systems taken over.

This latest virus, by the way, was a very nice piece of social
engineering. Microsoft's idiotic decision to encode metadata
(executable-ness) in filenames was bad enough, but the coincidence
that ".com" both marks an MS-DOS executable and is the commercial DNS
address suffix is very bad luck for M$, and a great thing to exploit
for virus writers. I expect more .com viruses in the future.

Doesn't your organization have an acceptable use policy? I'm pretty
sure that mailing jokes around cannot easily be justified under an

> My users are scientists, very sensitive about their "academic freedom"
> which means they think they're clever enough to decide for themselves
> what to do with such an attachment but they're not clever enough to
> solve their virus problems %$%#&@#!!!

Tell them that if they use a Linux or UNIX mail client, you will not
filter their mail at all. If they want freedom, they must use it

(Yes, I realize I'm being silly, but we can always dream...)
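
The extension check discussed in this thread, as an added example that is not part of the original post and is not MIMEDefang's own filter code: a Python sketch that walks a MIME message and flags attachments whose filename ends in one of the extensions named above, including a name that reads like a web address. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Extensions named in the thread (vbs, shs, vxd, pif, bat, com, exe).
BLOCKED = {"vbs", "shs", "vxd", "pif", "bat", "com", "exe"}

def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return ext if dot and ext in BLOCKED else None

def scan_message(raw):
    """Return (filename, extension) for every part that should be rejected."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition first, then falls back
        # to the "name" parameter of Content-Type.
        fname = part.get_filename()
        ext = blocked_extension(fname) if fname else None
        if ext:
            hits.append((fname, ext))
    return hits

# Constructed sample: one attachment named like a web address, one harmless.
SAMPLE = """\
From: sender@example.org
Subject: photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Have a look at my photos.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="www.photos.example.com"

placeholder bytes
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

plain notes
--b1--
"""

if __name__ == "__main__":
    for fname, ext in scan_message(SAMPLE):
        print(f"reject {fname!r}: .{ext} attachment")
```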