virus security opinions

Check out this quote I got about a new virus called 'Gokar'.

"Infected e-mail arrives in user inboxes with dozens of combinations of different subject lines, body messages and filenames, though each attachment will end with the .PIF, .SCR, .EXE., .COM or .BAT extensions, the companies said."
"Users should check with their antivirus companies for software updates. Companies are urged to block attachments, especially .exe., .scr. and .pif file, at their mail gateways to avoid infection."

This isn't anything new, but I'm struggling with the issue of blocking such attachments at my gateway. To me, stripping all attachments as a precaution isn't a fun idea.

Right now I'm blocking .vbs .shs .pif at my virus gateway.

Not many files that aren't viruses come through with those extensions. (although someone emailed me a zip file update to PcAnywhere with tons of scrap files (shs) and it got totally trashed - the gateway opened it up, stripped the files out, zipped it back up! not cool!)

So what should I realistically block? Users send who knows what stuff back and forth all the time. I can see where users would be legitimately emailing .exe and .scr files. I hate having to reduce my network's functionality because of possible virus threats -- it makes me feel like they've beaten me without even infecting my system!

So whaddya think?

 

Why is it legitamate that they be able to download or email a .scr file? Screensavers aren't necessary and a waste of email traffic. Maybe it should be up to the end user to screen their PC's for what is coming in and just protect your servers. This is a tough one and it might be for their own good to block everything if they don't have the common sense not to open everything that comes their way. Either that or if students want to use their private computers on your network then they have to play by your rules or find a private ISP and pay for it themselves. Set up rules about them having virus software on their PC's that has to be up to date and if not they will be shut down.

 

I agree that losing needed functionality because of fearing a virus is not a rational reason.

However you could configure the system to block files that most normal users should not send through email:
.VBS .SHS .PIF .SCR .EXE .COM or .BAT
While allowing zip files to pass without being scanned internally. That way if any person needed to send these types of files through the mail they could and it would be the users responsibility to understand that .zip files may have malicious files in them and to look before they unzipped.

Not a perfect solution, but at least it saves the naive user and puts some responsibilities on the knowledgeable user.

 

Hmm. Good idea - I'll check and see if my Gateway can be set to let zip files through without scanning them...

 

Rikku,

You could use mailwasher

http://www.mailwasher.net/#

 

Thanks hewee!

I'll check that out!

 

You are welcome.