[Mimedefang] .com viruses (was Re: NAI virusscan updates)

[David F. Skoll]

On Tue, 29 Jan 2002, Karel.DeBruyne wrote:

> > You should be blocking .com attachments.  A few of my clients' setups
> > have already blocked this virus without using any virus scanners.

> I am doing this with vbs, shs, vxd and pif but bat, com and exe are too
> often used (you know these stupid jokes sent around), and I'd get a lot of
> angry phone calls...

Well, then, your superiors don't understand the first principles of
security. :-)  Allowing .exe and .com is an invitation to have
your systems taken over.

This latest virus, by the way, was a very nice piece of social
engineering.  Microsoft's idiotic decision to encode metadata
(executable-ness) in filenames was bad enough, but the coincidence
that ".com" both marks an MS-DOS executable and is the commercial DNS
address suffix is very bad luck for M$, and a great thing to exploit
for virus writers.  I expect more .com viruses in the future.

Doesn't your organization have an acceptable use policy?  I'm pretty
sure that mailing jokes around cannot easily be justified under an
AUP.

> My users are scientists, very sensitive about their "academic freedom"
> which means they think they're clever enough to decide for themselves
> what to do with such an attachement but they're not clever enough to
> solve their virus problems %$%#&@#!!!

Tell them that if they use a Linux or UNIX mail client, you will not
filter their mail at all.  If they want freedom, they must use it
responsibly.

(Yes, I realize I'm being silly, but we can always dream...)

--
David.