The person (sender) that wants to send the zip (or any file) sends an email to let the receiver know they want to send.
The receiver sends them back a file name to use.
The sender zips or otherwise processes their file and renames it accordingly.
The receiver refuses to open any file attachment that has a name they did not provide.
I'm thinking about making a tiny chunk of software to facilitate this too -
Sender pushes a button and the application sends them an email with a cryptographically strong file name to use.
Sender names their file accordingly.
Receiver gets email, pastes the name of the attachment on a web form and pushes a button.
The application verifies when the name was generated and by whom - or that it was not recognized.
Receiver renames or otherwise processes the file - or rejects it if it fails.
I know these sound like a lot of work, but in practice, not really.
Hope this helps, _M
At 03:26 PM 3/4/2004, you wrote:
Hi all,
I have banned ZIP files (Declude's VIRUS.CFG) and am instructing my customers, as a workaround, to rename any ZIP files prior to attachment.
But this brings up a disturbing question: What would prevent a virus from perpetrating the same workaround? I mean, if Bagle.J can instruct an individual to supply the necessary ZIP password, then it can also instruct the individual to rename a ".TXT," ".PDF" or randomly-generated file extension to ".ZIP?"
It follows that banning solely by file extension would become moot, given that no particular extension could be trusted.
What do you think?
Dave
--
David M. Delbridge Circa 3000 ColdFusion Hosting http://www.circa3k.com 866-CIRCA3K (247-2235) Outside U.S: +1.775-832-2445
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
