[THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

• From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 4 Mar 2004 09:21:55 -0500

Blocking the specific filename attachments that Bagle and it's variants
use.  These are documented by SARC and others.  This lets me accepts
legit .ZIPs but not the virus.  This is a short term option as I expect,
very soon, a variant (or new virus) that randomly generates encrypted
.ZIPs.=20

Some people on Focus-VIRUS mailing list are blocking attachment under a
certain size.  Others block .ZIP entirely.  The only methods are
filtering methods.  No AV scanning products can pick up the virus itself
inside a password protected ZIP.  The AV companies need to come up with
something quick! =20



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Andrew Rogers
Sent: Thursday, March 04, 2004 9:02 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Security response to BAGLE virus
(passwordprotected .zips)

We've got Clearswifts Mailsweeper here, and have blocked (well, ok,
mailswe=3D eper distribute lists) all the phrases that the worms use.
We've also got s=3D ize limits set on the attachments, so we can stop =
all
attachments of type x=3D  under size y!

Andrew
--o--

>>> BClaus@xxxxxxxxxxxxx 04/03/04 13:28:12 >>>
Just wondering what others are doing to combat the latest BAGLE worm.
=3D3D It's password protected so standard AV won't scan into it.  How is
=3D3D everyone else handling delivery of .zip files now?

We're using the Trend Micro AV suite.

Do you think the latest password protected BAGLE worm has caused the =
=3D3D
demise of password protected .zip files?

My immediate opinion in the matter is that password protected .zip files
=3D3D will now be treated with the same delivery restrictions that the
.exe, =3D3D .scr, .pif, .vbs have come under but I'm not aware of any AV
software or =3D3D other means to differentiate scanning options between
p\w protected .zip =3D3D files and non p\w protected .zip files.


Thanks,
=3D3D20

  _____ =3D3D20

=3D3D20
Brian Claus, A+, Network+, MCP
Network Administrator
WESCO Distribution, Inc.
225 West Station Square Drive, Suite 700 Pittsburgh, PA 15219-1122
Phone:  412-454-2412
Fax:  412-454-2540
bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>=3D3D20
  _____ =3D3D20

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application
management problems.
http://www.triCerat.com=3D20
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm=3D20
***********************************************************
For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation
mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential applications to
eliminate your printing, policy and profile, and your application
management problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm


********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com 
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)
• » [THIN] Re: OT: Security response to BAGLE virus (passwordprotected .zips)

1. Home
2. thin
3. Archive
4. 03-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---