Re: [Declude.Virus] Banned Extensions at Bechtel

[Matt]

I'm torn between "ultimate virus protection" and not inhibiting users. My thoughts in blocking things like SCR and PIF files is that they are almost never set for legitimate reasons, but EXE's are. I also do Web design and have Web design clients that send things like JS files back and forth.  If these start becoming common in viruses, I will ban them as well.  I think the only reason why EXE's aren't as common is because so many systems block them so they go for things more obscure like PIF's and SCR's.  Anything capable of auto-executing should be banned, however those issues seem to have been mostly cleaned up from Outlook.  I just don't know enough to determine what exactly I should be blocking, and like you indicated, one of the entries in this list has to be compiled first. So where's the middle ground between the ultimate and enabling people to do their work without jumping through hoops? Matt Todd Holt wrote: I would suggest that you ban any extension that can either auto-execute or be executed by double-clicking on the attachment.  And by “executed” I mean to perform an action on the system that could be used for malicious purposes.  We ban .exe files because the user could execute the attachment by simply single clicking the attachment in some cases.  However, an .exe file in a .zip file would require the user to “accidentally” click twice, once in the mail client and a second time in zip program.  That protection could be taken to the point of prohibiting all .exe files, which is certainly not the intent in most cases.   Todd Holt Xidix Technologies, Inc Las Vegas, NV  USA www.xidix.com 702.319.4349   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Wednesday, January 28, 2004 4:18 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Banned Extensions at Bechtel   This list is generated from Microsoft's default exclusions in Outlook (the $500 billion virus solution is to turn off all executable attachments...) I'm not a fan of going overboard here, especially with things that I don't understand where they might be used (and I'm well aware that others disagree).  I ban about 5 extensions and that seems to have done the trick with most of these viruses lately as a pre-emptive solution.  I allow EXE files through my server also, and no customers (including systems integrators) have asked that I block things like EXE's.  I'm sure that I could expand my list a bit more without harm, but I'm thinking there is a middle ground between where I am and where this list goes. Feel free to point out the flaws in my thinking. BTW, I like the format of this notification. Matt R. Lee Heath wrote: Thought some here would find this interesting. This is the banned extensions at Bechtel.. the prominent information resource... and their responder message.     File(s): document.scr   Matching filename: *.scr   Your attachment did not reach the intended recipient.  To protect Bechtel's network from  viruses or other potentially harmful files, the following types of attachments are not allowed to enter or leave the Bechtel network:   . ADE  Microsoft Access Project Extension . ADP  Microsoft Access Project . BAS  Visual Basic? Class Module . BAT  Batch File . CHM  Compiled HTML Help File . CMD  Windows NT? Command Script . COM  MS-DOS? Application . CPL  Control Panel Extension . CRT  Security Certificate . EXE  Application . HLP  Windows? Help File . HTA  HTML Applications . INF  Setup Information File . INS  Internet Communication Settings . ISP  Internet Communication Settings . JS   JScript? File . JSE  JScript Encoded Script File . LNK  Shortcut . MSC  Microsoft Common Console Document . MSI  Windows Installer Package . MSP  Windows Installer Patch . MST  Visual Test Source File . PCD  Photo CD Image . PIF  Shortcut to MS-DOS Program . REG  Registration Entries . SCR  Screen Saver . SCT  Windows Script Component . SHS  Shell Scrap Object . URL  Internet Shortcut (Uniform Resource Locator) . VB   VBScript File . VBE  VBScript Encoded Script File . VBS  VBScript Script File . WSC  Windows Script Component . WSF  Windows Script File . WSH  Windows Scripting Host Settings File     To successfully send an attachment listed above to or from the Bechtel network, try one of the following options: 1.) Rename the file before attaching it to the email.  For example, rename EXAMPLE.EXE to EXAMPLE_EXE.  Make sure to add a note in the email to rename the extension back to .EXE when it arrives. 2.) ZIP the file and rename to a file type not listed above.  Attached the ZIP file to the email. 3.) Instead of sending URL attachments, copy and paste the Web address into the email (i.e. http://www.example.com/default.htm).   For further assistance within Bechtel, please contact your local helpdesk.         -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com   --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]   --- This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".    The archives can be found at http://www.mail-archive.com.       -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================