> -----Original Message----- > From: Ray [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 14, 2001 01:15 > To: Noonan, Wesley > Cc: '[EMAIL PROTECTED]' > Subject: RE: > > <snip> > Of course, but there are no magic scripts to do it. You have > to go to each > machine and do it manually. And i hope you don't have 4,000+ > machines on > your network like i do, cause it takes a while. (?!?!!??). No you don't. I can run a script from right here at my desk that not only will hit every machine on the network, but will hit and update them *even if WSH has never been installed on the remote machine* In fact, email me private. I'll send you a script I have that I used to provide a simlar function. > On the other > hand, what the hell are you talking about? I thought it was > implied, but > i meant block the attachment AT THE MAIL SERVER. The users > never see it. > If you send me a message with a SomeVirus.vbs attachement, > the mail server > catches it, and instead i get the message with a reject.txt > attachment. > reject.txt simply says 'The mail server removed a potentially > dangerous > file named SomeVirus.vbs. If you feel this is an error, contact the > postmaster.' No fancy scripts or .DAT files or client > updates necessary. You shouldn't imply things in the context of security. That leads to assumptions. To your point though, this isn't a bad design necessarily. It depends on the context (which has been my contention all along). > > I agree, and this is actually a very good alternative IMHO. > The only catch > > would be those Virus scanners that key on words, and might > think the .txt > > file (for example) is a virus based solely on the contents of the > > attachment. > > I don't think that's an issue. The same virus/worm sent as a > .txt file is > nowhere NEAR as dangerous as when it's sent as a .vbs file. The main > problem is the Outlook users (mostly) who time and again click on vbs > attachments. If they can't learn, you'd think at least the mail > administrators around the world would learn. When you click > a vbs script > with a .txt extenstion, it opens in notepad, and other than confusing > the already confused user, it hurts nothing. Agreed. I have never contended that one should just blanketly let .vbs come in. I have simply said that we need to weigh the options *before* we develop a solution. With a little skill and luck we will have a secure, yet balanced, policy. Wes Noonan, MCSE/MCT/CCNA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 [EMAIL PROTECTED] http://www.bmc.com - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
