[plug] security of linux desktops re mail viri

Michael Hunt michael.j.hunt at usa.net
Sat Dec 15 09:25:47 WST 2001


> Surely one can filter, on a user per user basis, incoming email and
> consign certain attachments to oblivion whilst allowing the message
> through? A filter killing, among other things, .sh .jpg and double
> suffix endings would surely bring the number of accidents down to the
> level where one would feel better after just beating people half to
> death rather than killing them outright.
> Sort of a simple firewall script/filter for the mail system. I'm no
> hacker but it seems simple enough for someone who knows what they are
> doing.
>
> There would be a lot of flak from users not getting their birthday
> cards, but this may be able to be offset by arguing
> productivity/monetary gains from less down time.
>
>
> albert sluik

Note: I'm not recommending the product here but Zone Alarm (a Windows-based
personal firewall) does exactly what you have suggested. For example
whenever a vbs file came in as an attachment Zone Alarm would rename the
file to something like <name_of_file>.vbs.zam (or something like that). This
caused a Zone Alarm icon to be seen instead of the default vbs icon and if
the user tried to run the script they would get a Zone Alarm message
explaining what it had done and why. If you do want to run the script you
can save it to disk, rename it, scan it for viruses and then run it. I
thought that this was pretty cool (and still do) but I don't think Zone
Alarm as a firewall will ever be as secure as a separate Linux-based
firewall (see http://www.smoothwall.org/ for details).

Personally a separate firewall suits me as I have a policy that it can be the
'sacrificial lamb' in the event of a security breach. Basically if it can
give me the information as to how and what was cracked, I can rebuild it,
plug the hole and have it back up and working in no time. (I have no data on
it apart from the firewall logs). Sure with smoothwall I would lose my proxy
cache, but it is not that big anyhow. The getting of the whom data is
interesting but a bit of a lower priority for me,
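
The rename-on-arrival behaviour described in this message, and the extension and double-suffix filter proposed in the quoted text, sketched with Python's standard `email` package as an added example (not part of the original post, and not Zone Alarm's code). The `BLOCKED` and `DECOY` sets, the `.quarantined` suffix and all function names are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy for this example: .sh and .vbs come from the thread, the rest
# are illustrative. ".quarantined" stands in for the ".zam" rename described above.
BLOCKED = {".sh", ".vbs", ".exe", ".scr", ".pif", ".bat"}
DECOY = {".jpg", ".gif", ".txt", ".doc", ".pdf"}  # harmless-looking inner suffix
SUFFIX = ".quarantined"

def is_risky(filename):
    """True for a blocked final extension or a decoy double suffix."""
    # Windows ignores trailing dots and spaces, so "a.vbs." still runs as .vbs.
    parts = filename.lower().rstrip(". ").split(".")
    exts = ["." + p for p in parts[1:]]
    if not exts:
        return False
    if exts[-1] in BLOCKED:
        return True
    return len(exts) >= 2 and exts[-2] in DECOY

def defang(raw):
    """Rename risky attachments in a raw message; return (new_raw, renamed)."""
    msg = message_from_bytes(raw)
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not is_risky(name):
            continue
        new = name + SUFFIX
        if part.get_param("filename", header="Content-Disposition"):
            part.set_param("filename", new, header="Content-Disposition")
        if part.get_param("name"):
            part.set_param("name", new)  # legacy Content-Type name parameter
        renamed.append(name)
    return msg.as_bytes(), renamed

def attachment_names(raw):
    return [p.get_filename() for p in message_from_bytes(raw).walk() if p.get_filename()]

def sample_message():
    """Constructed test message: one script posing as an image, one text file."""
    m = EmailMessage()
    m["Subject"] = "birthday card"
    m.set_content("see attached")
    m.add_attachment(b"MsgBox 1", maintype="application",
                     subtype="octet-stream", filename="card.jpg.vbs")
    m.add_attachment(b"notes", maintype="text", subtype="plain", filename="notes.txt")
    return m.as_bytes()
```

The message body and the attachment bytes are left untouched, so a user who does want the file can still save it, rename it and scan it, as the post describes.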


