We normally allow ZIP files and rely on the Exchange AV to look inside the ZIP files to remove virus ZIPs. This assumes that the AV Dats files are up to date. We also rely on the Desktop-based AV to be up to date as well. We have had to move to twice-a-day updates for both systems.
When we are getting hit with a lot of ZIP-based viruses, we add ZIPs to the attachment blocking list. Our users are pretty understanding about the need to do this. FWIW, we also have other secured web-based systems in place for the common and frequent data transfers with partners and customers, etc. so the need to email ZIP files is minimized anyway. Users have to understand that in a time like this, blocking of ZIP files is necessary. Some AV systems will still detect a ZI_ file as a ZIP file and handle accordingly. Sometimes renaming to a nonsense extension before attaching and informing the recipient to rename back after detaching (with appropriate caveats to assume the attachment is bad and scan the heck out of it) work in a pinch. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Waters, Jeff > Sent: Wednesday, January 28, 2004 10:39 AM > To: Exchange Discussions > Subject: Attachment Blocking and .zip files > > > So I know that most of us are blocking the most common > attachments but .zip > has not usually been included in them. Yes I know that a > .zip file has the > files we are blocking, however we still have to provide a way > of conducting > business to our end users. So now for the questions; > 1) For those that are not blocking .zip files have you > started to reevaluate > that decision? If so how are you thinking that you will overcome the > business need for attachments to get to your end users? > My answer, Yes we are thinking of starting to block .zip > files. My > initial thought was to have the users rename them to *.zi_ so > that it would > take manual user intervention to rename the file and open it. > > 2) For those that are already blocking .zip files how are you > dealing with > users and their need for attachments? > > We were lucky on this one, in the 2 hours that it took Trend > (thank you > Trend!) to get the definition file on the street, we had twenty some > messages delivered here. My luck was that due to the Snow & > Ice we got our > offices were closed on Monday so all the attachments were > cleaned during the > manual scan Tuesday morning. If we had been at work I'm not > sure that one > of our users would not have opened the message. As I stated > I am looking at > adding .zip files to our you can't come here list, I am just > trying to get a > feel for what ya'all are doing as well. > Thanks > Jeff > > Jeffrey R. Waters > Senior Systems Engineer > Hanover County, Information Technology > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
