|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: zip files was Re: [AMaViS-user] decoder for zip?
From: mouss (usebsd
free.fr)
Date: Fri Oct 07 2005 - 14:15:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jorey Bump a écrit :
> Covington, Chris wrote:
>
>> I've noticed a lot of our business partners don't allow .zip either out
>> of extreme caution or because of primitive filters which can't inspect
>> zip content. What do you on these lists do?
>
>
> I block all *.zip files on most of the sites I administer. I've only
> had one client ask for the restriction to be removed. The others are
> happy with renaming the extension to bypass the restriction.
>
> It's a flawed approach in some ways, but there are no silver bullets
> when fighting spam & viruses. You have to fill a catapult with pots,
> pans, rotten fruit, flaming dung, musical instruments and assorted
> barnyard animals.
This is a loal policy issue.
- the risk isn't in zip or bzip or whatever. After all, these are just
representations. The risk is in the content. if you can unzip the file,
you can decide based on its contents. if you can't (encrypted,
malformed, ...), it may be safer to reject it [or you can install a
cracker, so as to allow encrypted zips. but...]
- some sites reject executables but not zip files. the rationale is that
zip files wouldn't be executed automatically. while not absolutely
guaranteed, this is generally true.
- some sites just rename them. (software like zonealarm does so)
If your users think zip files (and even xls, ppt, ...) are important for
their work, technical arguments may not help....
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]