Subject: Re: reg. the virus which is spreading fast
From: Brad Knowles (blkskynet.be)
Date: Fri May 05 2000 - 09:34:33 CDT


At 10:27 AM -0400 2000/5/5, Bennett Todd wrote:

> and I'm planning on dealing with _all_ messages by simply disabling
> the attachments and forwarding them on. So yes, the patternfile will
> require maintenance, and it will only be practical to update it if
> you're comfortable writing regexps.

        This may work fine for your site, but those of us at ISPs with
hundreds of thousands or millions of customers can't do this. We
need a more general solution that would actually look inside the
VisualBasic scripts (or any other sort of file that could potentially
be executed, such as WordBasic macros), simulate running them, and
then monitor for "undesirable" behaviour.

        Stuff that passes that check could then be sent on (so that we
don't drop all .VBS attachments), but stuff that fails could be
quarantined.

        This is a much bigger problem to solve, and much more difficult.
While there may be individual anti-virus programs that will do this
sort of thing for the machine they are running on, I do not know of
any gateway/firewall type solution that does (or is capable of doing)
something similar.

--
   These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blkskynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium
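
The forward-or-quarantine decision described in the message above, as an added example that is not part of the original post or any product it mentions. It assumes static pattern matching as a stand-in for the simulated execution the message asks for; the pattern list, the threshold and all function names are hypothetical.

```python
import re
from email.message import EmailMessage

# Assumption: static pattern matching stands in for the simulated execution
# the message asks for; labels and patterns are constructed for illustration.
RISKY = {
    "filesystem access": re.compile(r"Scripting\.FileSystemObject", re.I),
    "mail automation": re.compile(r"Outlook\.Application", re.I),
    "registry write": re.compile(r"\.RegWrite\b", re.I),
}
SCRIPT_EXT = (".vbs", ".vbe", ".wsf")

def inspect_script(source):
    """Return the behaviour labels whose pattern appears in the script text."""
    return [label for label, rx in RISKY.items() if rx.search(source)]

def triage(msg, threshold=2):
    """Forward unless some script attachment shows >= threshold behaviours."""
    findings = {}
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(SCRIPT_EXT):
            continue  # only script attachments are inspected
        body = part.get_payload(decode=True) or b""
        hits = inspect_script(body.decode("latin-1"))
        if len(hits) >= threshold:
            findings[name] = hits
    return ("quarantine" if findings else "forward"), findings

def build_sample(filename, script):
    """Build a constructed test message carrying one script attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(script.encode(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

# Constructed inputs: neither script does anything; they only contain the
# object names the patterns look for.
BENIGN = 'WScript.Echo "nightly backup finished"\n'
SUSPECT = ('Set fso = CreateObject("Scripting.FileSystemObject")\n'
           'Set ol = CreateObject("Outlook.Application")\n')

if __name__ == "__main__":
    print(triage(build_sample("report.vbs", BENIGN)))
    print(triage(build_sample("note.txt.vbs", SUSPECT)))
```

A script that matches only one pattern is still forwarded, which is the point of inspecting content instead of blocking every .VBS attachment by name.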