[68135] in North American Network Operators' Group
Re: dealing with w32/bagle
daemon@ATHENA.MIT.EDU (Dominic J. Eidson)
Wed Mar 3 16:03:18 2004
Date: Wed, 3 Mar 2004 14:54:06 -0600 (CST)
From: "Dominic J. Eidson" <sauron@the-infinite.org>
To: <nanog@nanog.org>
In-Reply-To: <1078346189.404641cddd6a1@webmail.beret.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 3 Mar 2004, Brian Wilson wrote:
> Quoting Dan Hollis <goemon@anime.net>:
>
> > I am curious how network operators are dealing with the latest w32/bagle
> > variants which seem particularly evil.
>
> I am also interested in what network/mail folks are doing about this
> situation.
> Blocking all zip files at the mail level is next to impossible (since
> of course when we started blocking executable files, we told people to
> zip up executables) and since business can't be taken care of without
> someone requiring zip files to pass. I will be the first to admit that
> using mail as a file transfer protocol isn't the way to go, but getting
> people to realize that (and forcing them to change) is next to
> impossible.
Blocking all zip/exe/pif/etc. files - seems to work pretty well here -
granted, it's on a smaller scale (~6k users, ~50k emails/day, ~7k
mails rejected/day, ~7k spam filtered/day).
- d.
--
Dominic J. Eidson
"Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/
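An added example, not part of the original post or any poster's actual filter: a Python sketch of the attachment-type blocking discussed in this thread. The default mode rejects every zip along with executable extensions, as the reply describes; the `block_all_zip=False` mode goes beyond the thread and rejects only zips whose member names carry a blocked extension. The function names and the extensions other than exe/pif are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the post names zip/exe/pif "etc"; the others are illustrative.
BLOCKED_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}

def final_ext(name):
    """Lower-cased last extension, so 'invoice.doc.PIF ' yields '.pif'."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def attachment_verdicts(raw, block_all_zip=True):
    """Return [(filename, reason)] for each attachment that should be rejected."""
    msg = message_from_bytes(raw, policy=policy.default)
    rejected = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded-word filenames
        if not name:
            continue
        ext = final_ext(name)
        if ext in BLOCKED_EXT:
            rejected.append((name, "blocked extension"))
        elif ext == ".zip" and block_all_zip:
            rejected.append((name, "zip blocked by policy"))
        elif ext == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                rejected.append((name, "unreadable zip"))  # fail closed
                continue
            bad = [m for m in members if final_ext(m) in BLOCKED_EXT]
            if bad:
                rejected.append((name, "zip contains " + bad[0]))
    return rejected

def build_sample(filename, payload):
    """Constructed test message with one attachment (not real traffic)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "test"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The check keys on filenames only, so it is a policy filter rather than malware detection; a renamed attachment passes it.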