Mailing List CGatePro@mail.stalker.com Message #106131
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: How are you handling zip files attachments in mail?
Date: Thu, 28 Jul 2016 13:01:21 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
The latest versions of FindAttachments will report what's inside the zip file, as "zip/ext".

This could allow you to only block zip files containing specific extensions.

Unfortunately the default associations in Windows make people vulnerable to things that shouldn't be dangerous, like JavaScript files, so it's becoming important to block wsh, vbs, js and a few other similar extensions that are associated by default to wscript.exe or cscript.exe, including when they are in a zip file.

When possible in a corporate environment, I also ask tech support to simply change the default association of those scripts to Notepad. Running a script should be possible but must be a deliberate action (right-click + execute), never a default one (double-click).

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com



On 2016-07-28 12:29, Karl Zander wrote:
We have started blocking all zip file attachments. We're getting 175-200 messages a day with suspicious zip file attachments. (We have about 50 users.)

Subject lines

invoice
annual report
FedEx Delivery Failure

and other subjects designed to trick people into opening the zip and infecting their computer.


Using Nicolas Hatier's Find Attachments filter

Occasionally we get legitimate zip files blocked.  

We set up an instance of OwnCloud for file sharing.


Are we being paranoid or have zip files become too dangerous?

--Karl
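
The "zip/ext" reporting and per-extension blocking discussed in this thread, as an added example that is not part of either post and is not FindAttachments' own code. The function names, the `zip/unreadable` tag and the sample message are assumptions constructed for illustration; only the "zip/ext" tag form and the wsh, vbs and js extensions come from the thread.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Script types named in the thread (opened by wscript.exe/cscript.exe by default).
BLOCKED = {"wsh", "vbs", "js"}

def ext_of(name):
    """Lower-cased final extension, so 'invoice.pdf.js' yields 'js'."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lstrip(".").lower()

def attachment_tags(raw_message):
    """Return tags such as 'pdf', 'zip' and 'zip/js' for every attachment."""
    tags = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        ext = ext_of(name)
        tags.append(ext)
        if ext != "zip":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            # Only the archive's file listing is read; nothing is extracted.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                tags += ["zip/" + ext_of(i.filename)
                         for i in zf.infolist() if not i.is_dir()]
        except zipfile.BadZipFile:
            tags.append("zip/unreadable")  # cannot inspect, so not treated as clean
    return tags

def should_block(tags):
    """Block on a listed extension, bare or inside a zip, or an unreadable zip."""
    return any(t == "zip/unreadable" or t.split("/")[-1] in BLOCKED for t in tags)

def sample_message(member_name):
    """Constructed test message: one zip attachment holding member_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "constructed sample content")
    msg = EmailMessage()
    msg["Subject"] = "invoice"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A zip nested inside a zip shows up here only as `zip/zip`; this sketch does not open inner archives.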
