RE: CRIME Virus list

From: Mark Wills (mark@private)
Date: Wed May 22 2002 - 09:45:57 PDT


    Filtering by subject line is similar to using a screen door to block a
    flood. If you can't put in a real virus scan at the mail server level,
    building a list of executable file name extensions might be an alternative.
    The subject lines list is much too dynamic.
    
    Here is a list of potential "dangerous cargo" to consider, which I found on
    http://www.slipstick.com/outlook/esecup.htm:
    File extension  File type
    .ade            Microsoft Access project extension
    .adp            Microsoft Access project
    .asx            Windows Media Audio or Video shortcut (blocked only in Outlook 2002 builds earlier than 10.0.3005.x)
    .bas            Visual Basic class module
    .bat            Batch file
    .chm            Compiled HTML Help file
    .cmd            Windows NT Command script
    .com            MS-DOS program
    .cpl            Control Panel extension
    .crt            Security certificate
    .exe            Program
    .hlp            Help file
    .hta            HTML program
    .inf            Setup Information
    .ins            Internet Naming Service
    .isp            Internet Communication settings
    .js             JScript Script file
    .jse            JScript Encoded Script file
    .lnk            Shortcut
    .mda            Microsoft Access add-in program (blocked only in Outlook 2002)
    .mdb            Microsoft Access program
    .mdt            Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1 and later)
    .mdw            Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1 and later)
    .mde            Microsoft Access MDE database
    .mdz            Microsoft Access wizard program
    .msc            Microsoft Common Console document
    .msi            Windows Installer package
    .msp            Windows Installer patch
    .mst            Visual Test source files
    .ops            Office XP settings (blocked only in Outlook 2002 SP-1 and later)
    .pcd            Photo CD image
    .pif            Shortcut to MS-DOS program
    .prf            Microsoft Outlook profile settings (blocked only in Outlook 2002)
    .reg            Registration entries
    .scf            Windows Explorer command (blocked only in Outlook 2002)
    .scr            Screen saver
    .sct            Windows Script Component
    .shb            Shell Scrap Object
    .shs            Shell Scrap Object
    .url            Internet shortcut
    .vb             VBScript file
    .vbe            VBScript encoded script file
    .vbs            Visual Basic Script file
    .wsc            Windows Script Component
    .wsf            Windows Script file
    .wsh            Windows Script Host Settings file
    
    -----Original Message-----
    From: owner-crime@/var/spool/majordomo/lists/crime
    [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of Steve
    Nichols
    Sent: Wednesday, May 22, 2002 3:38 AM
    To: Owner-Crime
    Subject: CRIME Virus list
    
    
    Anyone know of a list of all virus subject lines?
    
    I'm trying to write a sendmail Check_Subject rule to filter the
    incoming emails.
    
    I can do something like this (it's rough but you should get the idea)
    
    F{Virus}    /var/log/virus
    
    HSubject:               $>Check_Subject
    D{MPat} R<$={Virus}>
    D{MMsg}This message may contain a Virus. It has been rejected by our Server.
    
    SCheck_Subject
    R${MPat} $*             $#error $: 550 ${MMsg}
    RRe: ${MPat} $*         $#error $: 550 ${MMsg}
    
    But I need a list of all subjects associated with viri.
    
    
    Steven Nichols
    Network and Systems Administrator
    Internet and NOC Manager
    
    
                       VALLEY INTERNET COMPANY
                    1709 NE 27th Street, Suite C
                      McMinnville, Oregon 97128
               503-565-5030 or 800-909-9078 (toll-free)
         "Pay no attention to the folks behind the curtain..."
       PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
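
Added example (not part of the original thread or of any poster's configuration): the extension check suggested in the reply above, applied in Python to MIME attachment names instead of subject lines. The function names and the sample message are constructed for illustration; the extension set is the list quoted in the reply.

```python
import email
from email import policy

# Extensions from the list quoted in the reply above.
BLOCKED = set("""ade adp asx bas bat chm cmd com cpl crt exe hlp hta inf ins isp
js jse lnk mda mdb mdt mdw mde mdz msc msi msp mst ops pcd pif prf reg scf scr
sct shb shs url vb vbe vbs wsc wsf wsh""".split())

def final_extension(filename):
    """Last extension, lowercased; trailing dots/spaces are dropped, as Windows does."""
    name = filename.rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def blocked_attachments(raw):
    """Return [(filename, extension)] for each MIME part named with a blocked extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename (including the
        # RFC 2231 filename*= form) and falls back to the Content-Type name.
        name = part.get_filename()
        if name and final_extension(name) in BLOCKED:
            hits.append((name, final_extension(name)))
    return hits

# Constructed sample message (not from the thread); payloads are dummies.
SAMPLE = b"""\
Subject: Re: your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.VBS"

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''r%C3%A9sum%C3%A9.scr

x
--XX
Content-Type: image/jpeg; name="vbs.notes.jpg"

x
--XX--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Only the final extension is compared, so a double-extension name such as invoice.pdf.VBS is caught while vbs.notes.jpg is not.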
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:25 PDT