Re: Re: [Security] ZIP file attachments temporarily blocked on CalMail

I feel that ZIP file attachments can be of legitimate use, but
certainly understand the urgency and sense of impending doom
with the latest version of the Beagle Bagels.

The best course of action in altering/dropping the attachment
or message would be through notification to the sender or
inline commentary to the recipient.

As this may not be possible, I would even consider condoning
the silent dropping of the attachment. Heck... 1/2 the time
in Outlook XP, it doesn't show attachments that ARE there anyway. ;-)

However, I would NOT support the idea to drop potentially
legitimate messages in their entirey without notification or
bounce. Even if the probability of en e-mail being "real" is
less than 1%, it still deserves to be examined by the
recipient and it is our duty as transit to deliver.

 - Christopher

======================

Today at 01:02 (-0800), Richard A. Peters wrote:

> Date: Wed, 3 Mar 2004 01:02:34 -0800
> From: Richard A. Peters <rap@berkeley.edu>
> To: ken lindahl <lindahl@berkeley.edu>
> Cc: Micronet-UCB microcomputer support user group
> <micronet-list@lists.berkeley.edu>,
> ucb-security list <ucb-security@lists.berkeley.edu>
> Subject: Re: [Micronet] Re: [Security] ZIP file attachments temporarily
> blocked on CalMail
>
> Our intention is to disallow zip files only until we have a more
> refined detection method installed. We recognize the importance of
> being able to transmit zipped files, and are working to resolve this
> restriction.
>
> We currently do not have a sane way of notifying either the sender or
> recipient about virus deletions. Modern e-mail worms are quite
> aggressive in the volume of mail they send, so any notification
> process would have to keep a history of prior notifications to
> prevent senders/recipients from finding hundreds of notification
> e-mails in their mailboxes. That capability does not exist currently.
>
> ..Richard Peters
> Central Computing Services
>
> At 11:13 PM -0800 3/2/04, ken lindahl wrote:
> >At 03:45 PM 3/2/2004, Tom Holub wrote:
> >>I would vote for completely dropping the messages. People are confused
> >>enough about this whole virus problem, and there's very little legitimate
> >>reason to send .zip attachments.
> >
> >i've received quite a few completely legitimate .zip files containing
> >documents sent by colleagues. there's nothing illegitimate about .zip
> >files per se.
> >
> >i can understand the desire to drop .zip attachments temporarily while
> >the current virus is so prevalent, but i do think the recipient should
> >be noitified. an even better solution would be to not deliver the at-
> >tachment, cache it somewhere, and send the recipient a notification so
> >that s/he could fetch it, if s/he knows it to be safe (perhaps after
> >checking with the sender). i believe one of the other UC campuses has
> >a system like that, though i can't recall which campus.
> >
> >ken
> >
> >
> >>On Tue, Mar 02, 2004 at 03:26:29PM -0800, John Ives wrote:
> >>> Wouldn't it be safer to just drop the attachments with a message (like
> >>> the current deleted because of virus message), that way if something
> >>> legitimate is sent, the recipient at least knows what happened and why.
> >>>
> >>> John
> >>>
> >>>
> >>> On Tue, 2 Mar 2004, Aron Roberts wrote:
> >>>
> >>> > Messages containing ZIP file attachments will soon be blocked on
> >>> > the CalMail email system, at least temporarily.
> >>> >
> >>> > From what I understand, messages with virus-containing attachments
> >>> > purporting to come from "The Berkeley.edu Team" and support@socrates,
> >>> > and using various techniques of social engineering -- such as telling
> >>> > users that important instructions are included in these attachments,
> >>> > or warning users that their accounts will be deactivated unless they
> >>> > open these attachments -- have started appearing.
> >>> >
> >>> > This situation is being investigated, and as an interim protective
> >>> > measure, messages containing ZIP files will temporarily be blocked.
> >>> >
> >>> > Aron Roberts
> >>> > Workstation Software Support Group
> >>> > (for the CalMail team)
> >>> > -------------------------------------
> >>> > Sent via the ucb-security mailing list.
> >>> >
> >>>
> >>> ------------------------------------------------------------------------
> >>> The following was automatically added to this message by the list server:
> >>>
> >>> For information about Micronet, including subscribing to
> >>> or unsubscribing from its mailing list and finding out
> >>> about upcoming meetings, please visit the Micronet Web site:
> >>> <http://micronet.berkeley.edu/>.
> >>
> >>--
> >>Tom Holub (tom_holub@LS.Berkeley.EDU, 510-642-9069)
> >>College of Letters & Science
> >>249 Campbell Hall
> >>
> >>------------------------------------------------------------------------
> >>The following was automatically added to this message by the list server:
> >>
> >>For information about Micronet, including subscribing to
> >>or unsubscribing from its mailing list and finding out
> >>about upcoming meetings, please visit the Micronet Web site:
> >><http://micronet.berkeley.edu/>.
> >
> >
> >------------------------------------------------------------------------
> >The following was automatically added to this message by the list server:
> >
> >For information about Micronet, including subscribing to
> >or unsubscribing from its mailing list and finding out
> >about upcoming meetings, please visit the Micronet Web site:
> ><http://micronet.berkeley.edu/>.
>
>
> --
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.
>

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Wed Mar 3 07:39:07 2004