"Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Sat Dec 15 05:54:40 UTC 2001
On Sat, 15 Dec 2001 03:11:29 GMT, Hermann Wecke <hermann at rodeios.com> said:
> isn't it easier to stick a procmail recipe into the NANOG mail system
> dropping double extension files and other highly dangerous extensions,
> such as .scr, .lnk, .com, .dll, .pif and others???
Well.. that's closer than trying to restrict it based on size.
It's still wrong though, because the filtering *should* be done based on
the MIME type. Of course, the whole *problem* here is that malware is
able to wave its little digital arms, hop up and down, and say:
"I'm a text/plain called whoops.exe - of course it's safe to run me,
who ever heard of a malicious text/plain?!"
Personally, I'd recommend a controlled burn, except that we've been having one
every 2 weeks already.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 211 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20011215/364e0673/attachment.sig>
More information about the NANOG
mailing list