[Esd-l] ZIP scanning, take two (repost)

Mark Wendt (Contractor) wendt at kingcrab.nrl.navy.mil
Mon Feb 23 03:02:30 PST 2004


John,


At 09:06 PM 2/22/2004, John D. Hardin wrote:
>Okay, the list seems to be working again...
>
>All:

<snip>


>Question: should I make the "ZIPPED_EXECUTABLES=$POISONED_EXECUTABLES"
>the default behavior? In other words, should I force you to think
>about your zipped files policy by making it reject everything if you
>don't give a policy, or should ZIPs be trusted by default unless you
>want to be more careful.

Maybe we could mangle the extension much like we do for HTML?  That way, a 
legitimate zip attachment would be lost, but it would make it much more 
difficult for the user to open the file?  Dunno, we use the zip extension 
to let docs and xls stuff through if they are compressed.


>As always, I'm leaning towards default-paranoid.
>
>--
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org                        pgpk -a jhardin at impsec.org
>  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>-----------------------------------------------------------------------
>   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
>   does quite what I want. I wish Christopher Robin was here."
>                                 -- Peter da Silva in a.s.r

Mark Wendt
System/Network Administrator
Code 8140
Naval Research Laboratory
4555 Overlook Ave, SW
Building 68, Room 219
Washington DC
202-767-0955
202-404-8520 Fax
===============================================
"Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken."
    - Unknown 
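
Added example (not part of the original thread and not the sanitizer's own code): the two defaults under discussion, in Python. An unset ZIP policy falls back to the poisoned-executables list, while an explicitly empty policy trusts ZIP contents. The pattern list, function names and sample archives are constructed assumptions.

```python
import fnmatch
import io
import zipfile

# Constructed sample list; the sanitizer's real poisoned list is not shown in this thread.
POISONED_EXECUTABLES = ("*.exe", "*.scr", "*.pif", "*.com", "*.bat")


def zip_verdict(data, zipped_executables=None):
    """Return ("reject", [member names]) or ("pass", []).

    zipped_executables=None models the default-paranoid choice: with no
    policy given, ZIP members are checked against POISONED_EXECUTABLES.
    Passing an empty tuple models "ZIPs are trusted by default".
    """
    patterns = POISONED_EXECUTABLES if zipped_executables is None else zipped_executables
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # An archive that cannot be listed cannot be inspected:
        # fail closed whenever any policy is in force.
        return ("reject", ["<unreadable archive>"]) if patterns else ("pass", [])

    hits = []
    for name in names:
        # Compare only the final path component, case-insensitively, and
        # ignore trailing dots/spaces that Windows drops when opening a file.
        base = name.rsplit("/", 1)[-1].lower().rstrip(". ")
        if any(fnmatch.fnmatchcase(base, p) for p in patterns):
            hits.append(name)
    return ("reject", hits) if hits else ("pass", [])


def make_zip(*names):
    """Build a constructed in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    print(zip_verdict(make_zip("report.doc", "budget.xls")))   # compressed documents
    print(zip_verdict(make_zip("docs/Invoice.doc.PIF")))       # default-paranoid
    print(zip_verdict(make_zip("docs/Invoice.doc.PIF"), ()))   # ZIPs trusted
```
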

