|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
jhobbs
Cadet
Joined: May 27, 2003
Posts: 3
Location: USA
|
 Posted: Sat Aug 23, 2003 9:22 am Post subject: B9 stops SoBig virus/worm? |
|
|
If Benign minimizes or eliminates the risk of infection from the Sobig series of virus/worms, I suggest you trumpet this fact very loudly, and immediately!  |
|
| Back to top |
|
 |
TimeGhost
Captain
Joined: Apr 11, 2003
Posts: 650
Location: USA
|
| Posted: Mon Aug 25, 2003 10:35 am Post subject: |
|
|
It depends on which variant of SoBig you mean. I think .E sends ZIP attachments. They would get through unless the user changed the security profile. But the latest one (.F) uses a .PIF, which would be renamed to a different extension even in the lowest security profile. There's nothing to prevent a user from re-renaming the file back to it original state and then invoking it, though.
Rusticdog once wrote that Firetrust had debated whether to add ZIP files to the default list of potentially malicious file types. It's not there, yet. |
|
| Back to top |
|
|
rusticdog
Site Moderator
Premium Member
Joined: Aug 12, 2002
Posts: 2581
Location: New_Zealand
|
| Posted: Tue Aug 26, 2003 12:19 am Post subject: |
|
|
| Quote: |
| Rusticdog once wrote that Firetrust had debated whether to add ZIP files to the default list of potentially malicious file types. It's not there, yet. |
and he continues to write......
Yes we will be adding archive files to Benign (RAR, ZIP etc..) though on all settings these will be renamed rather than blocked as archive files are a very common file type to use for e-mail transport.
Another option will also come later to block all file types.
|
|
| Back to top |
|
|
Ikeb
General
Premium Member
Joined: Apr 20, 2003
Posts: 3555
Location: Canada
|
| Posted: Tue Aug 26, 2003 12:37 am Post subject: |
|
|
I trust that it will be straightforward to rename the extension back to the archive type it was originally when the user determines that the file is legit. As you say, emailing such archive files is quite common and the renaming should be thought of as the means to alert a user to the potential compromise should the file house a trojan horse/virus yet allow the user to accept the file with minimal extra effort once such a possibility is discounted by the user.
_________________
I like SPAM ... on my sandwich! |
|
| Back to top |
|
|
rusticdog
Site Moderator
Premium Member
Joined: Aug 12, 2002
Posts: 2581
Location: New_Zealand
|
| Posted: Tue Aug 26, 2003 12:54 am Post subject: |
|
|
| Quote: |
| I trust that it will be straightforward to rename the extension back to the archive type it was originally when the user determines that the file is legit |
Yes it will be the standard B9 functionality, all extensions set by your security profile to be renamed, will have .B9 added to the end of the file type, when opening a .B9 file you will receive a warning that file may not be safe...Do you wish to Continue etc...
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
