dealing with w32/bagle
Dominic J. Eidson
sauron at the-infinite.org
Wed Mar 3 20:54:06 UTC 2004
On Wed, 3 Mar 2004, Brian Wilson wrote:
> Quoting Dan Hollis <goemon at anime.net>:
>
> > I am curious how network operators are dealing with the latest w32/bagle
> > variants which seem particularly evil.
>
> I am also interested in what network/mail folks are doing about this
> situation.
> Blocking all zip files at the mail level is next to impossible (since
> of course when we started blocking executable files, we told people to
> zip up executables) and since business can't be taken care of without
> someone requiring zip files to pass. I will be the first to admit that
> using mail as a file transfer protocol isn't the way to go, but getting
> people to realize that (and forcing them to change) is next to
> impossible.
Blocking all zip/exe/pif/etc files - seems to work pretty well here -
granted, it's on a smaller scale (~6k users, ~50k emails/day, ~7k
mails rejected/day, ~7k spam filtered/day)
- d.
--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/
More information about the NANOG
mailing list