[Mimedefang] survey: dropping password protected file

Les Mikesell les at futuresource.com
Wed Mar 3 11:59:22 EST 2004


On Wed, 2004-03-03 at 08:40, EKB wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> How about just "defanging" any encrypted zip by renaming it and adding a
> brief warning message.  We receive lots of valid encrypted zip files so
> deleting them is not an option.

Have you seen the current crop?  They include what looks like
a good personalized reason to use the password to open the
zip (your email account will be disabled, etc.) and come from
reasonable looking addresses (management at yourdomain, etc.). 

Since the real problem is Outlook and the way it abuses 'open'
to mean 'execute', I'm thinking of setting up alternate mailboxes
for my users that can only be accessed through a web mail interface
and tossing anything questionable there.  Has anyone tried this
approach yet?  Dropping spam there would work too if it could be
automatically purged after a certain time.  Using maildir format
for delivery would make that fairly easy and an IMAP server like
dovecot or courier running on an alternate port could act as the
intermediate handler for the webmail front end.

---
   Les Mikesell
     les at futuresource.com
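
Added example, not part of the original post and not MIMEDefang code: a Python version of the routing described above, which detects a ZIP attachment with the encryption flag set, delivers it to a separate quarantine Maildir, and purges that Maildir by age. The function names, Maildir paths and the retention period are assumptions; the sample message is constructed and only has the flag bit set, it is not really encrypted.

```python
import io, mailbox, time, zipfile
from email.message import EmailMessage

def has_encrypted_zip(msg):
    """True if any MIME part is a ZIP with an entry whose encryption flag (bit 0) is set."""
    for part in msg.walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not data.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(zi.flag_bits & 0x1 for zi in zf.infolist()):
                    return True
        except zipfile.BadZipFile:
            continue  # not a parseable archive; leave it to other filters
    return False

def route(msg, inbox, quarantine):
    """Deliver to the quarantine Maildir if an encrypted ZIP is attached, else the inbox."""
    dest = quarantine if has_encrypted_zip(msg) else inbox
    mailbox.Maildir(dest, create=True).add(msg)
    return dest

def purge(maildir, max_age_days, now=None):
    """Delete messages delivered more than max_age_days ago; return how many were removed."""
    cutoff = (now or time.time()) - max_age_days * 86400
    box = mailbox.Maildir(maildir, create=True)
    # get_date() is the delivery time, taken from the message file's mtime
    old = [k for k in box.iterkeys() if box.get_message(k).get_date() < cutoff]
    for k in old:
        box.remove(k)
    return len(old)

def sample_message(encrypted):
    """Constructed input: a mail with a one-file ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:  # flags field: offset 6 in the local header, 8 in the central one
        raw[6] |= 1
        raw[raw.find(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="a.zip")
    return msg
```

An IMAP server on an alternate port can then expose the quarantine Maildir to the webmail front end only, with `purge` run from cron.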


