[isalist] Re: Word Doc Block

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Sat, 9 Dec 2006 00:05:54 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
I did.
In this day where "business needs" dictate an "all open" traffic profile
through your edge, and where the "port demons" rule the edge, I've all
but given up on the idea of trying to block anything beyond layer 3.

That said, Antigen is supposed to bring the next big thing to
application-layer smarts, but it's not a reality yet.  Lots of other
folks try really hard to scan at the edge, but it's a 'spensive
proposition, Lucy.

Unless you have something in your edge and mail servers that can block
word docs by binary signature, even within a compressed file (don't'
forget to recognize, zip, tar, gz... you get the idea), you can't have
total protection.

Unfortunately, unlike the wmf vuln, it's impossible to configure an HTTP
filter signature for this issue.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Friday, December 08, 2006 6:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Word Doc Block

http://www.ISAserver.org
-------------------------------------------------------
  
Obviously... But when it comes to a large user base working with masses
of other business associates, contacts, contractors, clients,
prospective employees, etc, and who have been trained to send Word docs
(and open them) over the last several years, the "don't accept from
unknown sources" isn't necessarily a viable option.

Care to answer my question now? :-p

t


On 12/8/06 4:00 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Simple; I don't accept them from unknown sources.
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of 
> God)
> Sent: Friday, December 08, 2006 12:11
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Word Doc Block
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Anyone worried about the 0day Word issue to the point that you are 
> blocking .doc files?  Blocking word application type or just .doc?  
> Anyone worried about a .doc in a .zip?
> 
> t
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• References:
  • [isalist] Re: Word Doc Block
    • From: Thor (Hammer of God)

Other related posts:

• » [isalist] Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block
• » [isalist] Re: Word Doc Block

1. Home
2. isalist
3. Archive
4. 12-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---