I have found as Jeffrey has that by blocking attachments, you greatly reduce and eliminate the bulk of the virus attacks. It will not stop self tunneling worms and you need to provide an alternative for legitimate business attachments. Although, the need for this type is EXTREMELY low and can be usually accomplished with WinZIP or a similar tool. A good place to start is the System and Network Attack Center (SNAC) 60 Minute Network Security Guide. You may contact me directly for a copy or send e-mail to SNAC.Guides@private Robert Myles, CISSP Information Security Officer Oregon Health & Science University Mail Code AD140 2525 SW 1st Avenue Portland, OR 97201 Tel: 503-494-8500 Fax: 503-494-8850 Cell: 503-329-9972 mylesr@private >>> jeffrey <jeffrey@private> 5/22/2002 6:05:58 AM >>> Though perhaps draconian, I have had great success with blocking most of the chinese and korean IP space at a firewall (just port 25). Yes, I get a lot of log entries and, yes, there is a chance I may block a legit email (someday), but it has reduced that source to the merest trickle.... Most viruses come in as attachments. Most attachments come in with a .xxx suffix that can be filtered at the mail server level. I haven't accepted a .com, .vbs, .shr, etc. file via email in a long time, because of the probability of it being a virus. >I know of several people who have been having a big problem with >receiving Korean Spam e-mails. One in particular, receives eight >plus Korean spam mails per day. This has greatly disrupted their >business. The information has been sent to the Korean War Project, >see link below. If you are having any trouble with the Korean spam >the links below will provide you with more information.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:23 PDT