Re: [Exim] Blocking sobig.f

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Blocking sobig.f
On Thu, 4 Sep 2003, Wakko Warner wrote:

> > Then tell your boss that you want to institute a new corporate email
> > policy, tell him it means that those files should be sent as zipped
> > ones, and tell him why.
>
> .zip files can have virii inside of it too.


That's why you need to *explain* to them the reason.

> There is a worm out there that zips itself and mails it along.


Sure, but until the Great Vendor delivers a mail client that
automatically, and without asking the user, "helpfully" unpacks the
contents of any zip archive attachment +and+ executes anything that it
might find there, you are reasonably safe against anything happening
*automatically*.

Could the vendor be that perverse? There seem to be enough
precedents. But meanwhile...

What you are NOT safe against, and the users need to be educated to
understand their responsibilities in that regard, is a user being
fooled into digging their own grave. So-called "social engineering"
techniques in the cover mail, leading to the user calmly doing the
attacker's bidding.

cheers