Do you filter out ZIP files from emails?


  1. #1
    oldie ric-o's Avatar
    Join Date
    Nov 2002

    Question Do you filter out ZIP files from emails?

    My question is:

    Does your company remove (filter out) ZIP file attachments from emails?

    I'm being asked by my company to review our policy on this and need data regarding other companies.
    Thanks in advance.

  2. #2
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Currently, we do not, but I too am in the process of taking a look at our current policies and revising as needed. I haven't made a decision as of yet regarding .ZIPs, but certainly we will continue to block any executable (.EXE, .COM, etc.). The problem with the .ZIPs is that there is some malware that is transferred via password protected .ZIP files in which some AV scanners couldn't pry into...
    - Maverick

  3. #3
    Senior Member
    Join Date
    Apr 2004
    We remove only password protected .zip files.
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    The Great White North
    Our antivirus gateway will scan within zip files, if it's a virus, it's gone, if not, it is passed on to its destination. Like cacosapo said, if it's password protected it's also deleted because the gateway can't open it to scan it.


  5. #5
    Join Date
    Mar 2004
    We strip zip files only when they are password protected or a file inside them is infected.

    We also strip all file types that are potential problems... dll, reg, exe, com, pif, etc

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    We strip Zips, (password protected or not), because I prefer to see the raw files themselves anyway. Generally this does not present a size issue for my company because most attachments are small(ish) Office docs.

    We also block all executable content. Should executable content be required we will issue a login/password combination to the FTP server in the DMZ and the user can place it there.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    Same here..

    zips are stripped and contents scanned..
    MS executables (including but not limited to .exe .pif .scr .bat .cmd) are removed..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    We remove zips, unless specific notice is given, we have never had people send us zips intentionally, if I worked at a place where we used zips more frequently, then I probably would work out a stripping solution like stated above. But since we don't use them 99.9% of the time, it's just one less thing to have to support at the moment.
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Hi ric-o, the general consensus seems to be removing the zip file. Or at a minimum the password protected files since virus scanners can't open them. I side on removing only password protected zips. We've gone back and forth on the issue since some customers have asked for information in a zip format. If I was going to decide to block zips today it could be done in seconds but could hurt the enterprise because of the way exchange and the virus scanning engine interact. Once that decision is made ALL messages, even those that have been setting in someone's inbox for months get cleaned. I would make an effort to see who uses them and in what aspect as well as the security aspect of monitoring files as they cross the mail servers.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    [Harping on]

    AV is reactive..... Blocking only Zips that are password protected and scanning the rest is no guarantee whatsoever that the enclosed code is not malicious.... Only that it is not recognized as malicious. Any Zip file can be self executing. If the AV product could also block self executing Zips then part of the battle would be won. Even if it could there will always be the trivially socially engineered user that will still click on the executable content of a zip file if it is delivered to them.

    If your users are sophisticated enough to comprehend _executable_ content and zip files then they are easily able to comprehend passing files through a password protected FTP site which instantly mitigates email-borne threats. If they aren't then they don't need them anyway. If the sender sends a zip then they will be competent enough to unpack the file and send it in clear at the request of the recipient if it is only a jpg, tiff, word/excel/powerpoint doc. Since these are no longer common vectors the AV can pick them up easily and if the App is patched or more up to date then the auto-running macros can be prompted for or denied anyway.

    Even if you are a shop that requires executable content to pass between a sender and a recipient there are less vulnerable methods of doing it. Why risk any exposure when none is necessary in a corporate environment?

    [/Harping on]
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
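
Added example, not written by any poster in this thread: a sketch of the gateway decision the replies describe, stripping blocked extensions, password-protected (encrypted) ZIP entries and self-extracting archives, and handing readable archives to the scanner. The function names, verdict strings and sample archives are assumptions constructed for illustration; the encrypted sample is simulated by setting the ZIP encryption flag.

```python
import io
import zipfile

# Extensions posters in this thread say they strip (posts #2, #5 and #7).
BLOCKED = (".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".dll", ".reg")

def classify_attachment(name, data):
    """Hypothetical gateway check: return (verdict, reason) for one attachment."""
    if name.lower().endswith(BLOCKED):
        return ("strip", "blocked extension")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ("scan", "not a zip archive")
    if data[:2] == b"MZ":
        # A valid ZIP directory behind a DOS/PE header: self-extracting archive.
        return ("strip", "self-extracting zip")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                return ("strip", "encrypted member, cannot be scanned")
            if info.filename.lower().endswith(BLOCKED):
                return ("strip", "blocked member " + info.filename)
    return ("scan", "members readable, hand to AV engine")

def make_sample_zip(members, encrypted=False, stub=b""):
    """Build a constructed test archive in memory (harmless contents only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries, so simulate one by setting
        # the encryption bit in the first central-directory header (offset 8).
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    return stub + bytes(raw)

if __name__ == "__main__":
    samples = {
        "report.zip": make_sample_zip(["report.doc"]),
        "locked.zip": make_sample_zip(["report.doc"], encrypted=True),
        "invoice.zip": make_sample_zip(["invoice.pif"]),
        "photos.zip": make_sample_zip(["a.jpg"], stub=b"MZ" + b"\x00" * 62),
    }
    for fname, blob in samples.items():
        print(fname, classify_attachment(fname, blob))
```

A "scan" verdict only means the contents can be read by the scanner; as post #10 notes, it does not mean the contents are known to be safe.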
