[Mimedefang] Re: Unsafe file types

Lucas Albers admin at cs.montana.edu
Mon Dec 1 23:10:34 EST 2003


Virus scanners won't catch all the stuff.
I block virtually all attachments except for zip and doc|xls|wpd|ppt.
Then I scan the remaining files with 4 virus scanners.
No single virus scanner catches everything.

This keeps my virus infection rate low.

My users would screem if I blocked the office document extensions, and I
would spend more time recovering files from the quarantine that I like.

My potential vulnerability is thus:

Office macro virus's.

virus's embedded in zip files.

My next step is to increase my security against office macro virus.
Still considering what I can do.
Block office doc's with macro's?
Rename office doc's with macro's?
Only allow txt and msoffice files through as doc extensions.
Their are a number of exploits that put another file type in a word doc.
Lookup up wordperfect conversion flaw on ms security site if you want some
ideas.

I can't block office files, and I can't replace windows clients.

--Luke



More information about the MIMEDefang mailing list