Article about virus sending zip files

Status
Not open for further replies.

nh39

MIS
Oct 25, 2002
188
US
Hi,

I'm looking for technical articles that talk about malicious zip files sent via e-mail by different viruses (not just the virus name) to "explain" why we need to block zip files. I've searched for a good while but can't find anything. Thank you.
 
You don't need to block zip files, you need a good virus scanner that will intercept the viruses inside malicious zip files.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
I beg to disagree.
You NEED to block zip files (and a helluva lot others). That way, when the next zip virus strikes, you will not be vulnerable while waiting for your AV vendor to update its virus signature database.
And this is why, too.
 
Blocking arguably the largest method of transferring legitimate files between networks is silly.

Keeping your systems up-to-date across the board is the answer to virus threats. Continuing to prevent file types from being transferred via email because some script idiot decides to write yet another virus using that file extension will only force you to eventually not permit *any* file being sent via email.

So, disagree all you like, but your method won't work either.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
I'm with Dalong 100% on the fact that AV vendors can't release updates fast enough. Besides, I've tested both McAfee and Symantec products on the Exchange server to catch compressed files containing malicious code, and success rates don't look confident.
 
You didn't test very well then. My SAV has been intercepting dozens of viruses within zip files for weeks now.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Changing the zip extension to something else, e.g. txt, is a good workaround that we're using. Just ask the recipient to change it back to zip. An additional 30 seconds of work won't delay anything.
 
lander215, say... for McAfee GroupShield, what could I have done wrong, then?
 
No idea, I don't use the McAfee product, sorry.

My job as Network Admin is to do everything possible to keep our systems protected and not intrude upon the daily life of users whenever possible. Denying them the ability to send .zip files is a huge intrusion. When the first wave of .zip viruses came out, we temporarily shut down .zip files until we had a handle on what was going on. That lasted just a few days, and it was a huge issue with our users, as it would have been expected to be.

Education is a large part of my job as well, to educate the users on what to do and when. The basic approach is that if you weren't expecting an attachment from someone, even someone you know, and you don't know what the attachment is or what it's for, then you don't open it. Contact the sender to find out why they sent it and what it is. If you can't get hold of the sender, then delete it. If it was important, then they can always resend it.

These latest rounds of viruses were all socially engineered viruses where education of the users is the best approach.

Beyond that, my systems are updated daily with virus sigs, and any Critical Updates from MS when required as well. Does it guarantee we won't get a virus through the system? Absolutely not. But neither does denying the users the ability to send/receive .zip files without having to manipulate them.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
Well, I have to say congrats to you on 2 things.
1) having working AV software
2) working with trainable users

I'm with users whom I've tried to teach simple things, such as how to create folders and organize their files, a million times, and they can never get it.
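
The thread argues between blocking every zip and relying on AV signatures; a gateway can also open the archive and decide on its members. The sketch below is an added example (not from any poster or product in this thread) that identifies zips by content rather than by extension; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example: member extensions that trigger quarantine.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def inspect_attachments(raw_message: bytes):
    """Return (filename, verdict, detail) for each attachment of a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Identify archives by content, so a .zip renamed to .txt is still opened.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            results.append((name, "pass", "not a zip archive"))
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
        except zipfile.BadZipFile:
            results.append((name, "quarantine", "unreadable zip"))
            continue
        encrypted = [m.filename for m in members if m.flag_bits & 0x1]
        risky = [m.filename for m in members if os.path.splitext(m.filename)[1].lower() in RISKY_EXT]
        if encrypted:
            results.append((name, "quarantine", "encrypted members cannot be scanned"))
        elif risky:
            results.append((name, "quarantine", "executable member: " + ", ".join(risky)))
        else:
            results.append((name, "pass", "zip with no executable members"))
    return results

def build_sample(att_name: str, member_name: str) -> bytes:
    """Constructed sample: a message carrying a one-member zip named att_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=att_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_attachments(build_sample("notes.txt", "invoice.pdf.scr")))
```

Nested archives are not recursed into here; a production filter would need a depth and size limit before doing so.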
 