North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)

  • From: Valdis.Kletnieks
  • Date: Sat Dec 15 00:57:47 2001

On Sat, 15 Dec 2001 03:11:29 GMT, Hermann Wecke <[email protected]>  said:

> isn't it easier to stick a procmail recipe into the NANOG mail system
> dropping double extension files and other highly dangerous extensions,
> such as .scr, .lnk, .com, .dll, .pif and others???

Well.. that's closer than trying to restrict it based on size.

It's still wrong though, because the filtering *should* be done based on
the MIME type.  Of course, the whole *problem* here is that malware is
able to wave its little digital arms, hop up and down, and say:

"I'm a text/plain called whoops.exe - of course it's safe to run me,
who ever heard of a malicious text/plain?!"

Personally, I'd recommend a controlled burn, except that we've been having one
every 2 weeks already.

				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

Attachment: pgp00011.pgp
Description: PGP signature