[Esd-l] How to mangle contents of a .zip file?
John D. Hardin
jhardin at impsec.org
Tue Mar 9 22:14:18 PST 2004
On Wed, 10 Mar 2004, Brian Hampton wrote:

> Yeah, I began writing such policies in procmail and then realized
> that it was going to be difficult to maintain the list of valid
> people/domains that would be allowed to exchange zipped executables.

Well, for internal use that should be a set it and forget it
configuration. Does your list of external contacts vary that much?

One way to simplify it might be to put a "key phrase" into the subject
that would let certain ZIPs be accepted.

> The reason this whole issue came up is because the sanitizer has
> worked so well that people aren't used to getting any kind of
> dangerous attachment (excellent work, btw!). But the latest batch
> of .zip viruses that look like they come from me (the admin)
> fooled a couple folks.

Oops. Sorry. Mea culpa.

:)

> I may have to put in something like ClamAV in addition to the
> sanitizer.

I've always recommended the sanitizer be part of a multilayer defense.
It is not a replacement for antivirus software on individual Windows
systems. I hope that any leakers got caught...

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
25 days until the Slovakian Presidential Election