http://www.ISAserver.org ------------------------------------------------------- No, you didn't. You just gave the obvious "don't do that" response. I actually DO have something that will block .docs at the mail server, even if in a zip, but that wasn't my question. So I guess all one can do is just block .doc extensions then... t On 12/9/06 12:05 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > I did. > In this day where "business needs" dictate an "all open" traffic profile > through your edge, and where the "port demons" rule the edge, I've all > but given up on the idea of trying to block anything beyond layer 3. > > That said, Antigen is supposed to bring the next big thing to > application-layer smarts, but it's not a reality yet. Lots of other > folks try really hard to scan at the edge, but it's a 'spensive > proposition, Lucy. > > Unless you have something in your edge and mail servers that can block > word docs by binary signature, even within a compressed file (don't' > forget to recognize, zip, tar, gz... you get the idea), you can't have > total protection. > > Unfortunately, unlike the wmf vuln, it's impossible to configure an HTTP > filter signature for this issue. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thor (Hammer of God) > Sent: Friday, December 08, 2006 6:47 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Word Doc Block > > http://www.ISAserver.org > ------------------------------------------------------- > > Obviously... But when it comes to a large user base working with masses > of other business associates, contacts, contractors, clients, > prospective employees, etc, and who have been trained to send Word docs > (and open them) over the last several years, the "don't accept from > unknown sources" isn't necessarily a viable option. > > Care to answer my question now? :-p > > t > > > On 12/8/06 4:00 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> Simple; I don't accept them from unknown sources. >> >> >> ------------------------------------------------------- >> Jim Harrison >> MCP(NT4, W2K), A+, Network+, PCG >> http://isaserver.org/Jim_Harrison/ >> http://isatools.org >> Read the help / books / articles! >> ------------------------------------------------------- >> >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of >> God) >> Sent: Friday, December 08, 2006 12:11 >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Word Doc Block >> >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> Anyone worried about the 0day Word issue to the point that you are >> blocking .doc files? Blocking word application type or just .doc? >> Anyone worried about a .doc in a .zip? >> >> t >> >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> All mail to and from this domain is GFI-scanned. >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx