• Subject: Fighting viruses - changes to e-mail attachments coming up
• From: Born Again Hacker (Janaka Jayawardena) janaka@ece.pdx.edu
• Date: Thu, 20 Dec 2001 17:41:38 -0800

Our mail servers are going to be checking incoming mail for "runnable attachments" (ie: things that will attempt to run if you click on them in your mailer) and will render them non-runnable by modifying their filename extension with "-defanged".

If you indeed wish to execute these programs that you have received via e-mail (and you know them to be safe), you will need to save them to disk and rename them to bring back the proper extension.

For instance, if you received a file called "readme.exe", it would have been renamed as "readme.exe-defanged".

We are currently working on dealing with the virus problem on a number of different layers. No one of these will be foolproof, but having them all in action will reduce our vulnerability.

We currently have anti-viral scanning occurring on all supported Wintel desktops. We intend to have anti-viral scanning happening at the mail server end soon. However, the best virus scanning will be useless if we are on the leading edge of an attack. So far, we've been very lucky. That's why defanging runnables will buy us a little more insurance.

Let us know if you have any questions and concerns. We're putting this in place in time for Christmas and the holiday season, when the virus writers' muse seems particularly active.

Janaka Jayawardena                              Director, Computing Support
                                College of Engineering and Computer Science

WEB:     http://www.cat.pdx.edu/~janaka               Computer Action Team
INTERNET:janaka@cat.pdx.edu     Fax:(503)-725-4298    Voice:(503)-725-5410
USNAIL:   Portland State University (SCS), P.O.Box 751, Portland, OR 97207