Malware (Was: Re: (no subject))

Eric "Shubes" plug at shubes.net
Fri Sep 22 06:44:42 MST 2006


I saw one mail admin that blocked .xls and .doc extensions too. After all, 
they can contain macros that can cause damage. :( To me, that's excessive. I 
kind of doubt that you're blocking these extensions, Craig.

Where does it end?

Craig White wrote:
> I've been doing this for a number of years now and I don't recall a
> single instance when it was necessary for a user to get an attachment
> that was of a type (exe, com, pif, bat, scr, vbs and there's some more).
> 
> In a world where users do what users do, they can't be trusted not to
> blindly open things.
> 
> Yes, Outlook 2K3 and 2K will not allow them to open those files but you
> can change the security settings to get around that.
> 
> Older versions of Outlook, etc. aren't likely to have all of the
> safeguards in place.
> 
> Craig
> 
> On Thu, 2006-09-21 at 23:37 -0700, Kevin Brown wrote:
>> Nothing wrong with an exe getting through.  I, on occasion, send things 
>> to myself that are small executables (maybe its a perl script wrapped up 
>> with par, or a self executing zip file).  Outlook, being the jacked up 
>> program that it is, just flat out blocks them.
>>
>> Blindly blocking all .exe, .zip, .<xxx> attachments is just an idiotic 
>> knee-jerk reaction.  Much like banning violent video games because a few 
>> of the millions that play commit an act of excessive violence.
>>
>>> I think that if an exe attachment gets through an e-mail system to the
>>> end user, the battle is already lost. Whether they opened it or not is
>>> sort of immaterial. Users will do whatever users do.
>>>> One of my clients got an email to them from them and it had an .exe 
>>>> attachment.  Fortunately, they called me before opening it.  Same deal, 
>>>> though.
>> ---------------------------------------------------


-- 
-Eric 'shubes'


More information about the PLUG-discuss mailing list