Re: [Exim] Blocking sobig.f

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MWakko Warner at <-
M 
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Blocking sobig.f
On Thu, 4 Sep 2003, Wakko Warner wrote:

> > Then tell your boss that you want to institute a new corporate email
> > policy, tell him it means that those files should be sent as zipped
> > ones, and tell him why.
>
> .zip files can have virii inside of it too.

That's why you need to *explain* to them the reason.

> There is a worm out there that zips itself and mails it along.

Sure, but until the Great Vendor delivers a mail client that
automatically, and without asking the user, "helpfully" unpacks the
contents of any zip archive attachment +and+ executes anything that it
might find there, you are reasonably safe against anything happening
*automatically*.

Could the vendor be that perverse? There seem to be enough
precedents. But meanwhile...

What you are NOT safe against, and the users need to be educated to
understand their responsibilities in that regard, is a user being
fooled into digging their own grave. So-called "social engineering"
techniques in the cover mail, leading to the user calmly doing the
attacker's bidding.

cheers


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] removing headers from :fail:ed emailsRe: [Exim] Bombarded by pif attachments->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)