[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]
James McNeill
j at jamesm.id.au
Mon Jan 19 22:07:04 GMT 2004
>
/^Content-(Disposition|Type):\s+.*?(file)?name="?.+?\.(bat|chm|cmd|com|hta|j
se
I once found this list lurking somewhere on microsoft.com. It's all the
extentions that are considered dangerous for a garden variety windows system
(ie. MS-Office et al.) It's what my server blocks.
I thought once that I should set up the server to simply rename the
executable file to .bad or some such and attach a note (yeh, I know that's
against the rules, but hey) to the e-mail explaining how to rename the file
back to what it was if necessary. i never have.
ADE Microsoft Access Project Extension
ADP Microsoft Access Project
BAS Visual Basic Class Module
BAT Batch File
CHM Compiled HTML Help File
CMD Windows NT Command Script
COM MS-DOS Application
CPL Control Panel Extension
CRT Security Certificate
DLL Dynamic Link Library
DO* Word Documents and Templates
EXE Application
HLP Windows Help File
HTA HTML Applications
INF Setup Information File
INS Internet Communication Settings
ISP Internet Communication Settings
JS JScript File
JSE JScript Encoded Script File
LNK Shortcut
MDB Microsoft Access Application
MDE Microsoft Access MDE Database
MSC Microsoft Common Console Document
MSI Windows Installer Package
MSP Windows Installer Patch
MST Visual Test Source File
OCX ActiveX Objects
PCD Photo CD Image
PIF Shortcut to MS-DOS Program
POT PowerPoint Templates
PPT PowerPoint Files
REG Registration Entries
SCR Screen Saver
SCT Windows Script Component
SHB Document Shortcut File
SHS Shell Scrap Object
SYS System Config/Driver
URL Internet Shortcut (Uniform Resource Locator)
VB VBScript File
VBE VBScript Encoded Script File
VBS VBScript Script File
WSC Windows Script Component
WSF Windows Script File
WSH Windows Scripting Host Settings File
XL* Excel Files and Templates
More information about the linux
mailing list