[isalist] Re: Word Doc Block

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 10 Dec 2006 14:13:16 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
No, you didn't.  You just gave the obvious "don't do that" response.

I actually DO have something that will block .docs at the mail server, even
if in a zip, but that wasn't my question.

So I guess all one can do is just block .doc extensions then...

t

 


On 12/9/06 12:05 AM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
>   
> I did.
> In this day where "business needs" dictate an "all open" traffic profile
> through your edge, and where the "port demons" rule the edge, I've all
> but given up on the idea of trying to block anything beyond layer 3.
> 
> That said, Antigen is supposed to bring the next big thing to
> application-layer smarts, but it's not a reality yet.  Lots of other
> folks try really hard to scan at the edge, but it's a 'spensive
> proposition, Lucy.
> 
> Unless you have something in your edge and mail servers that can block
> word docs by binary signature, even within a compressed file (don't'
> forget to recognize, zip, tar, gz... you get the idea), you can't have
> total protection.
> 
> Unfortunately, unlike the wmf vuln, it's impossible to configure an HTTP
> filter signature for this issue.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thor (Hammer of God)
> Sent: Friday, December 08, 2006 6:47 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Word Doc Block
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Obviously... But when it comes to a large user base working with masses
> of other business associates, contacts, contractors, clients,
> prospective employees, etc, and who have been trained to send Word docs
> (and open them) over the last several years, the "don't accept from
> unknown sources" isn't necessarily a viable option.
> 
> Care to answer my question now? :-p
> 
> t
> 
> 
> On 12/8/06 4:00 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>> 
>> Simple; I don't accept them from unknown sources.
>> 
>> 
>> -------------------------------------------------------
>>    Jim Harrison
>>    MCP(NT4, W2K), A+, Network+, PCG
>>    http://isaserver.org/Jim_Harrison/
>>    http://isatools.org
>>    Read the help / books / articles!
>> -------------------------------------------------------
>>  
>> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of
>> God)
>> Sent: Friday, December 08, 2006 12:11
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Word Doc Block
>> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>   
>> Anyone worried about the 0day Word issue to the point that you are
>> blocking .doc files?  Blocking word application type or just .doc?
>> Anyone worried about a .doc in a .zip?
>> 
>> t
>> 
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> All mail to and from this domain is GFI-scanned.
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: