On Wed, 3 Mar 2004, Mike Austin wrote:
> Since this social engineering virus seems to be working at some level,
> we're now blocking it based on the From address. Email from the
> following addresses will now get dropped at the email gateways:
> If the virus starts using other from addresses that are actually valid,
> we'll probably have to start blocking "encrypted" archives.
The virus had too many variations to block effectively, and people were
actually unzipping the password protected zips, and getting infected.
So, we are now dropping "encrypted" zip attachments at the mail gateways,
and appending a banner to the body of the message indicating that the
attachment was dropped and why.