[SASAG] Spam/AV Filtering

spam at tprophet.org spam at tprophet.org
Fri Sep 25 10:35:37 PDT 2009


It's hard to block zip and pdf without getting in the way of the 
business, even though these attachment types can carry malware. Your 
virus wall should scan these file types before passing them along - you 
can protect yourself beyond that by making sure users stay up to date on 
the Adobe reader, since it's ridiculous bloatware riddled with security 
vulnerabilities at this point. Users, in general, seem to be getting 
more sophisticated and they can be trained to pick up the phone when 
they're suspicious of an attachment.

Some attachment types are always worth blocking, though--when is the 
last time that a legitimate .reg, .pif, .com, .exe, .cmd, .bat (to name 
a few examples) was sent in email? :)

-TProphet

eric at kahklen.com wrote:
> We currently use a spam/av appliance at our gateway.  In addition, we also
> check for attachment types and only allow certain types such as .doc, .pdf,
> .xls....  At times, legitimate types such as zip files are blocked and
> unfortunately there is no way to "whitelist" the sender with certain file
> types so that they can get through to the end users mailbox.  In the past,
> senders have renamed their attachment with a .txt file type.  Although this
> is a convienent solution for the end user, it seems like an easy way to
> circumvent the idea of attachment checking in the first place.  Do most
> people still block attachment types? or do they rely on their AV scanning
> software to quarantine/delete viruses and malware?
> 
> Thanks,
> Eric  
> 
> _______________________________________________
> Members mailing list
> Members at lists.sasag.org
> http://lists.sasag.org/mailman/listinfo/members



More information about the Members mailing list