http://www.ISAserver.org ------------------------------------------------------- I did. In this day where "business needs" dictate an "all open" traffic profile through your edge, and where the "port demons" rule the edge, I've all but given up on the idea of trying to block anything beyond layer 3. That said, Antigen is supposed to bring the next big thing to application-layer smarts, but it's not a reality yet. Lots of other folks try really hard to scan at the edge, but it's a 'spensive proposition, Lucy. Unless you have something in your edge and mail servers that can block word docs by binary signature, even within a compressed file (don't' forget to recognize, zip, tar, gz... you get the idea), you can't have total protection. Unfortunately, unlike the wmf vuln, it's impossible to configure an HTTP filter signature for this issue. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Friday, December 08, 2006 6:47 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Word Doc Block http://www.ISAserver.org ------------------------------------------------------- Obviously... But when it comes to a large user base working with masses of other business associates, contacts, contractors, clients, prospective employees, etc, and who have been trained to send Word docs (and open them) over the last several years, the "don't accept from unknown sources" isn't necessarily a viable option. Care to answer my question now? :-p t On 12/8/06 4:00 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > Simple; I don't accept them from unknown sources. > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of > God) > Sent: Friday, December 08, 2006 12:11 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Word Doc Block > > http://www.ISAserver.org > ------------------------------------------------------- > > Anyone worried about the 0day Word issue to the point that you are > blocking .doc files? Blocking word application type or just .doc? > Anyone worried about a .doc in a .zip? > > t > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx