RE: WMF Vulnerability

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 15:46:23 -0800

Of course there is (more).
ISA can't "see into" mail without the msg screecher, so I won't be able to 
predefine functional settings for that. 
At least the HTTP filter has some areas to play in.

There's no way to create a catch-all policy; what we're shooting for is "best 
bang for the buck".

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, January 04, 2006 15:26
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vulnerability

http://www.ISAserver.org

Hey Jim,

I've done those things already, but it seems there is more to the story.
Still have to worry about e-mail too.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 3:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> Those are two separate questions.
> ISA doesn't use the OS file associations to make its decisions, so 
> blocking file types of .wmf or content-types of 
> application/x-msmetafile will get you some relief.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: Hillaert, Todd [mailto:THillaert@xxxxxxxx]
> Sent: Wednesday, January 04, 2006 12:42
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> Hi
> 
> Correct me if I'm wrong, but as I understand it, a WMF is not handled 
> by the operating system only according to its extension, but by special 
> flags set within the file itself.
> 
> That's why blocking *.wmf or the mime types will not stop it. 
> 
> Todd
> 
> -----Original Message-----
> From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
> Sent: Wednesday, January 04, 2006 2:37 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> True enough. You had mentioned it was doable with GFI and I thought it 
> might be useful to mention how it could be done via surfcontrol as 
> well.
> Personally, I blocked WMF files at ISA and with my surfcontrol filter, 
> just in case.
> 
> Brian
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 2:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> Hi Brian,
> 
> You don't need SurfControl just to block .wmf files, you can use the 
> OOB ISA firewall to do that.
> 
> Tom
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thillaert@xxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.

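Added example, not part of the original thread or of any ISA Server configuration: a small Python check that contrasts the two filtering approaches discussed above, matching on the declared name or content type versus inspecting the file header itself. The function names, verdict strings and sample bytes are constructed for illustration; the header fields checked are the standard WMF header (type, header size in words, version) and the Aldus placeable key.

```python
import struct

# Aldus placeable-metafile key 0x9AC6CDD7, stored little-endian.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
BLOCKED_EXT = ".wmf"
BLOCKED_TYPE = "application/x-msmetafile"


def looks_like_wmf(data: bytes) -> bool:
    """Heuristic header check, independent of file name or Content-Type."""
    if data[:4] == PLACEABLE_KEY:
        return True
    if len(data) < 18:  # a standard WMF header is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header is 9 words; version 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def verdict(filename: str, content_type: str, body: bytes) -> str:
    """Apply the name/type rule first, then fall back to content inspection."""
    media_type = content_type.split(";")[0].strip().lower()
    if filename.lower().endswith(BLOCKED_EXT) or media_type == BLOCKED_TYPE:
        return "blocked-by-name"
    if looks_like_wmf(body):
        return "flagged-by-content"
    return "allowed"


# Constructed samples: an empty metafile (header plus end-of-file record)
# and the first bytes of a JPEG/JFIF file.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    cases = [
        ("chart.wmf", "application/x-msmetafile", SAMPLE_WMF),
        ("photo.jpg", "image/jpeg", SAMPLE_WMF),   # metafile under another name
        ("photo.jpg", "image/jpeg", SAMPLE_JPEG),
    ]
    for name, ctype, body in cases:
        print(f"{name:10} {ctype:26} -> {verdict(name, ctype, body)}")
```

The second case is the one a rule keyed only on .wmf or application/x-msmetafile does not match. For mail, the attachment has to be MIME-decoded before a header check like this can be applied.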