|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)
On Sat, 15 Dec 2001 03:11:29 GMT, Hermann Wecke <[email protected]> said: > isn't it easier to stick a procmail recipe into the NANOG mail system > dropping double extension files and other highly dangerous extensions, > such as .scr, .lnk, .com, .dll, .pif and others??? Well.. that's closer than trying to restrict it based on size. It's still wrong though, because the filtering *should* be done based on the MIME type. Of course, the whole *problem* here is that malware is able to wave its little digital arms, hop up and down, and say: "I'm a text/plain called whoops.exe - of course it's safe to run me, who ever heard of a malicious text/plain?!" Personally, I'd recommend a controlled burn, except that we've been having one every 2 weeks already. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00011.pgp
|