"Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Dec 15 05:54:40 UTC 2001

On Sat, 15 Dec 2001 03:11:29 GMT, Hermann Wecke <hermann at rodeios.com>  said:

> isn't it easier to stick a procmail recipe into the NANOG mail system
> dropping double extension files and other highly dangerous extensions,
> such as .scr, .lnk, .com, .dll, .pif and others???

Well.. that's closer than trying to restrict it based on size.

It's still wrong though, because the filtering *should* be done based on
the MIME type.  Of course, the whole *problem* here is that malware is
able to wave its little digital arms, hop up and down, and say:

"I'm a text/plain called whoops.exe - of course it's safe to run me,
who ever heard of a malicious text/plain?!"

Personally, I'd recommend a controlled burn, except that we've been having one
every 2 weeks already.

				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 211 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20011215/364e0673/attachment.sig>

More information about the NANOG mailing list