How to improve DCC handling of attachments?

Gary Mills
Sun Jul 9 01:52:46 UTC 2006

On Sat, Jul 08, 2006 at 05:14:32PM -0600, Vernon Schryver wrote:
> > From: Gary Mills 
> > >      Don't many sites block such mail because it is so often a Microsoft
> > >      worm/virus?
> >
> > That's a policy issue.  Virus e-mail often contains a ZIP file, but
> > many ZIP files in e-mail contain legitimate files.
> My question (for a change) was not rhetorical.  Do many sites block
> all mail with ZIP attachments?

Some apparently do, but I have no statistics on that.  We decided not
to block them.  I do have a mandate to block executable attachments,
such as PIF and EXE files, although I'm not convinced of the benefits
of doing so.

> There is a 4th tactic I forgot to mention.  
> I have the impression that some versions of Windows execute ZIP
> files received via mail even without games played with file names
> and extensions.  If that is true, then reasonable senders of such
> messages will include unique text with each message to convince
> recipients to open the ZIP attachments.  Such unique text should
> generate unique FUZ2 checksums.

I'm not a Windows expert, but I suspect there's no single answer to
that question.  It depends on whether the native ZIP decoder is used
or a third-party product is installed, as well as on configuration.
I understand that a sizeable portion of Windows users opt for
convenience rather than security.  This means that they log in with
administrator privileges, disable all warnings and rely on a pattern-
based virus scanner to protect them if they execute a malicious file.
They don't need any convincing to open attachments.  They also get hit
by new viruses that aren't in the pattern file.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
