[Full-Disclosure] E-Mail viruses
lists2 at onryou.com
Fri Mar 5 23:52:58 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Curt Purdy wrote:
>> Personally I'd dispute this solution's elegance, anything
>> which requires substantial user behaviour change (and doesn't
>> drastically improve the virus/worm situation across the board)
>> is an ugly kludge.
> I would say that completely eliminating all virus infected
> attachments, past/present/future without any further interaction by IT
> dramatically improve the virus/worm situation across the board.
The problem is, though, you're training your users and customers (likely
at significant expense) to use some bizarre munging method to satisfy
the whims of your particular mail gateway.
Although it will stem the flow of incoming automated worms/viruses on
your end, this will not help reduce virus/worm propagation anywhere else.
This, to me, is not what I would call dramatically improving the
virus/worm situation across the board.
Think about the implementation nightmare. What will you do when someone
attempts to send an attachment to one of your users? Will you fire off
an automated response, instructing them to use your .xyz solution? How
will you prevent sending notifications to forged From: addresses?
Will you instead simply silently kill all attachments, passing the body
of the message -- that's ugly too, it requires the recipient to notify
the sender their attachment was blocked, describe your solution to them,
and hope the attachment gets resent. Do you trust your users to
accurately describe file renaming to other users? Are your users
comfortable with the variety of OSes still out there? Are your users
smart enough to realize they shouldn't start renaming attachments they
send to other folks?
Also, keep in mind your users will still get hammered by all those
annoying e-mail virus/worm messages (sans executables), unless you also
continue to implement an anti-virus scanner. Didn't you hope to be rid
Finally, what if you decide to change procedure in the future?
Everything you've taught your users is completely useless to them, all
that time and effort ends up being a complete writeoff, and you'll have
to *untrain* them all.
Your idea is interesting and certainly deserves further thought and
discussion, but it's no panacea. Instead of implementing this
particular solution (with all its costs), I'd instead recommend Old
1) Continue following industry Best Practices.
2) Educate your users as best you can.
In my mind this is much, much better (for everyone) in the long run.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.