OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Changed subject (was Re: reg. virus named ...)
From: Bennett Todd (betrahul.net)
Date: Thu May 04 2000 - 13:13:34 CDT

2000-05-04-13:38:57 Thomas Andres:
> > I think it'd be better still to make that
> >
> > /Content.*\.vbs/ REJECT
>
> Well... fine with me, but a few people might argue, that not all vbs
> attachements need to be rejected. Maybe one can do other things than
> viruses using vbs :)

In theory you can, although I've yet to hear of anyone whose life
would be shattered beyond recognition if any vbs attachments sent as
direct MIME attachments ended up getting a little bit quoted, just
enough to defuse the execute-on-opening booby trap wired into
certain mail user agents.

If any of my users complained because they couldn't just hit return
on a vbs attachment and have it automatically executed without them
having to look at it, I would not feel strongly inspired to assuage
their grief. I might just possibly even undertake to enhance it a
smidgeon:-).

Like I said, I'm working on a thagomizer to filter an email,
matching it against a batch of regexps collected from a config file,
and if it finds any matches anywhere, quote the thing to defang
attachments.

I don't like just tossing email; it might e.g. prevent me from
seeing a message with a great new defense against whatever the
problem is.

-Bennett

  • application/pgp-signature attachment: stored