echo: nthelp
to: Geo.
from: NL
date: 2004-02-07 08:26:52
subject: Re: Corporate variant (SUS) of Windows Update

From: Jan van Hoek (NL) 

>> If you only block certain types of attachments
>> and mydoom spoofs like it is a different type
>> then you can get hosed

Not to worry, we follow (more or less) the same policy as you.

We only allow a very limited list of file types (only 5 to 10 long) and
refuse the rest of the universe. File type spoofing is detected by our
front end virus scanner (eSafe), and handled as such (blocked). ZIP-files
are not refused upfront, but are expanded (max 10 levels deep), after which
the building blocks are handled one by one via the standard policies.

However, there are some "political" differences with your
situation as outlined in your earlier posting in this thread: [start quote]
"(...)all attachments, and I do mean all, have been blocked. And to
get around the issues with java or scripting in an email we use Eudora 1.54
(text only, it doesn't even do html)" [end quote]
Our company policy is to use MS stuff for everything, unless... There is no
compelling reason (read: not one reason that management understands) to ban
Outlook from our premises. IOW that is our default e-mail client (no
Outlook Express is given to any user, however). Same for HTML e-mail, which
is sent more and more by various people who unknowingly have set HTML as
their default mail format. Sometimes I'm inclined to configure Outlook to
process them as text anyway (like you did), but there are also sources who
use HTML intentionally for brochures and other commercial mailings.

For similar "political" reasons I cannot block the contents of
DOC and XLS attachments (we strip all macros, however), as long as you
cannot teach the bean counters to use our FTP server to transfer monthly
figures to/from various official agents they (legally) have to report to.

All in all, my hands are tied in some respects. But on average, our
policies are very strict (some say: too strict). And we have nearly 4
"virus free" years as proof that this is the right approach. Only
3% of Dutch companies can say the same, as recent research revealed. And
the policies of most of that 3% are very much stricter than ours, even to
the extent of being impractical and unworkable (think of separate
workstations for "production" and office work, no connection
whatsoever with Internet, et cetera).
--
-- Jan van Hoek (NL)
-- Sat 7 Feb 2004 07:58 CET

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
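
The policy described in the message above (a short allow-list, spoofing detected from content rather than file name, ZIP files expanded to at most 10 levels and each member judged on its own), sketched in Python as an added example; it is not part of the original post and does not represent how eSafe works. The allowed types, their signatures and the per-member size cap are assumptions.

```python
import io
import zipfile

# Assumed allow-list (the post names no types): extension -> required leading bytes.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".txt": None,  # no signature; must simply contain no NUL bytes
}
MAX_DEPTH = 10                 # ZIP nesting limit from the post
MAX_MEMBER_BYTES = 10_000_000  # assumed cap on declared member size (ZIP bombs)


def inspect(name, data, depth=0):
    """Return [(path, verdict)] for an attachment and everything inside it."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext == ".zip":
        if depth >= MAX_DEPTH:
            return [(name, "block: nested too deep")]
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return [(name, "block: not a valid ZIP")]
        results = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted: cannot be inspected
                    results.append((path, "block: encrypted member"))
                elif info.file_size > MAX_MEMBER_BYTES:
                    results.append((path, "block: member too large"))
                else:
                    inner = inspect(info.filename, zf.read(info), depth + 1)
                    results += [(f"{name}/{p}", v) for p, v in inner]
        return results
    if ext not in ALLOWED:
        return [(name, "block: type not on allow-list")]
    magic = ALLOWED[ext]
    genuine = data.startswith(magic) if magic else b"\x00" not in data
    if not genuine:
        return [(name, "block: content does not match extension")]
    return [(name, "allow")]


def deliverable(name, data):
    results = inspect(name, data)
    return bool(results) and all(v == "allow" for _, v in results)
```

An empty archive yields no verdicts and is treated as not deliverable, so the check fails closed.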

SOURCE: echomail via fidonet.ozzmosis.com
