[442] in Kakapo Windows Team
[Kakapo]
daemon@ATHENA.MIT.EDU (Bryant C. Vernon)
Mon Aug 2 14:13:24 2004
From: "Bryant C. Vernon" <bcvernon@mit.edu>
To: Jonathan McIndoe Hunt <jmhunt@mit.edu>, Tim McGovern <tjm@mit.edu>,
Jonathan McIndoe Hunt <jmhunt@mit.edu>
Date: Mon, 2 Aug 2004 14:09:35 -0400
cc: virusscan-release@mit.edu
cc: kakapo@mit.edu
cc: nsga@mit.edu
Hi Jon,
You are correct. There are a couple of reasons to not exclude files with multiple extensions (including the one you mentioned as well as the possibility that people may use periods as part of the filename--i.e., rough draft.ver1.doc, etc.). We found the policy overly restrictive and concluded that up-to-date dat files and security policies implemented at a barrier level (such as the one Jeff Schiller implemented within the past year to stop the spread of a .zip file compressed virus) would be sufficient to protect against malicious attempts to exploit vulnerabilities that rely on multiple file extensions.
-Bryant
----------------
Bryant C. Vernon
Product Release Coordinator
Software Release Team
Massachusetts Institute of Technology
http://web.mit.edu/swrt
t: 617-253-5103
f: 617-258-8736
m: bcvernon@mit.edu
-----Original Message-----
From: Jonathan McIndoe Hunt [mailto:jmhunt@MIT.EDU]
Sent: Monday, August 02, 2004 1:41 PM
To: Tim McGovern; Jonathan McIndoe Hunt
Cc: kakapo@mit.edu; nsga@mit.edu; virusscan-release@mit.edu
Subject: Re: VirusScan Enterprise 8.0i recommended MIT default settings for review
Hi Tim,
I believe that the reason for excluding this is because at MIT, legitimate
attachments may have multiple extensions, for example anything compressed
with tar and gz such as vpnclient-linux-4.0.1.A-k9.tar.gz (the Linux VPN
client), which I wouldn't encourage e-mailing. Also, this would pick up a
file like notes.7.31.2004.txt or photos-8.2.04.zip and report them.
The attachments will be scanned for viruses with this setting, but it will
not pick up new ones that use multiple file extensions unless they are in
the DAT.
Can others on the release verify this is the reason for the change from
NAI's default or correct my understanding?
Thanks,
Jon
At 09:49 AM 8/2/2004, Tim McGovern wrote:
>Jon,
>
>I think I understand all of the changes, and they seem appropriate, except
>one:
>
>Heuristics: Find attachments with multiple extensions
>Default Yes
>MIT No
>
>Can you explain this change?
>
>Thanks,
>Tim
>
>At 3:08 PM -0400 7/30/04, Jonathan McIndoe Hunt wrote:
>>Good Afternoon,
>>
>>Below you will find a link to the proposed VirusScan Enterprise 8.0i
>>settings (Excel spreadsheet) that the release team has come up with to be the
>>defaults for the MIT installer we hope to release in August.
>>
>>http://web.mit.edu/swrt/releases/virusscan/virusscan-settings-v1.xls
>>
>>We would appreciate feedback and comments about the choice of settings
>>next week. Our current expectation is that McAfee will release VSE 8.0i
>>on August 11 (Wednesday). We need to turn that around within a day or
>>two to make the Fall CD, so time is short. We'd like to be able to
>>discuss any changes to the settings with you, so please provide feedback
>>or questions to virusscan-release@mit.edu no later than Friday, August
>>6. If you can get stuff to us before Wednesday the 4th, that would be
>>even better so we can discuss it at the next release meeting.
>>
>>Thanks,
>>Jon
>
_______________________________________________
Kakapo@mit.edu
http://mailman.mit.edu/mailman/listinfo/kakapo
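
The false-positive trade-off discussed in this thread, as an added example that is not part of the original messages: a check that flags every name with more than one period is compared with a narrower check for a harmless-looking extension followed by an executable one. Both functions and both extension lists are assumptions made for illustration and do not reproduce VirusScan's actual heuristic; the last two sample names are constructed.

```python
import os

# Assumed lists, not taken from the thread or from VirusScan.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".zip", ".xls"}


def naive_multi_ext(name: str) -> bool:
    """Flag any attachment name that contains more than one period."""
    return name.count(".") > 1


def deceptive_double_ext(name: str) -> bool:
    """Flag only a decoy extension directly followed by an executable one."""
    stem, last = os.path.splitext(name.strip().lower())
    # rstrip() handles space padding used to push the real extension out of view.
    _, prev = os.path.splitext(stem.rstrip())
    return last in EXECUTABLE_EXTS and prev in DECOY_EXTS


def compare(names):
    """Return (name, naive_result, narrow_result) for each attachment name."""
    return [(n, naive_multi_ext(n), deceptive_double_ext(n)) for n in names]


SAMPLES = [
    # Legitimate names quoted in the thread.
    "vpnclient-linux-4.0.1.A-k9.tar.gz",
    "notes.7.31.2004.txt",
    "photos-8.2.04.zip",
    "rough draft.ver1.doc",
    # Constructed names showing the pattern the heuristic is meant to catch.
    "invoice.pdf.exe",
    "photo.jpg      .scr",
]

if __name__ == "__main__":
    for name, naive, narrow in compare(SAMPLES):
        print(f"{name!r:40} naive={naive!s:5} narrow={narrow}")
```

The narrow check still misses anything outside its two lists, which is why the thread relies on current DAT files and barrier-level filtering rather than on the filename alone.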