[Mimedefang] Virus statistics (was: One that the default filter missed...)

David F. Skoll dfs at roaringpenguin.com
Fri May 24 16:31:39 EDT 2002


On Fri, 24 May 2002, Michael D. Sofka wrote:

> >and .xls is well taken; however, I think Word and Excel are not as
> >widely deployed as Windows itself (especially for home users), so such
> >viruses would propagate more slowly.

> But, they would spread rapidly in some sub-populations.  And, that happens
> to include the sub-population that pays the bills.

Sure. :-)

> >Is there a legitimate reason for allowing .pif/.exe/.scr/etc files
> >to travel by e-mail?

> We are a university, with a broad user base.  As such, there are things we
> cannot (and maybe should not) do that a corporation or individual can do.
> You may have heard this too many times before, but it is true.  Universities
> pride themselves on openness, and we hate to give that up, even a little.
> Blocking whole categories of messages feels like giving up.

Well, not really.  If students have to mail assignments, just tell
them to zip them up.  (or tar them up on UNIX boxes or Squish them [whatever]
on Macs.)

I think asking people to zip up executables is reasonable, and it stops
most viruses because of the added human interaction required for propagation.

> Until I had good evidence that most contain viruses, it would have
> been hard to justify a block.  (And, with virus scanning it isn't
> necessary to block all such attachments, just those that contain a
> virus.)

That's dangerous.  What happens when a new virus comes out which isn't in
your signature database yet?

I have a client who does not block executable attachments, but moves
them to a holding area from which they must manually be released.
This gives him time to listen for new virus outbreaks and update
signature databases.  But it's probably too much effort for a
university-sized system.

(Hey, maybe there's a case for _delaying_ mail containing .exe's by 24
hours, to give anti-virus vendors a chance to catch up.  This assumes that
enough people _don't_ delay mail that the anti-virus vendors will get some
samples.)

> Long term, we hope to make available ways to easily share documents
> without using email.  Of course, in doing so, we will make available a way
> to easily share viruses without using email....

:-)

Regards,

David.




More information about the MIMEDefang mailing list