RE: CRIME Virus list

From: VICTORIA.EVANS@private
Date: Wed May 22 2002 - 13:41:00 PDT


    Here's an excerpt from a Tumbleweed article discussing what to filter using
    email filters.
    
                                                                           
    Summary:

    This article provides a list of file types that may potentially be
    harmful to some organizations.

    Detailed Info:

    The following is a partial list of file types that an organization might
    consider to be dangerous within their organizations. Many known viruses
    make use of some of these file extensions. This list should not be
    considered to be exhaustive, nor should it be assumed that every file
    extension listed below would be undesirable in every organization.

    As an administrator you should review this list, and add any undesirable
    file types that might be missing. You may also choose to remove items
    from this list that may have some business need in your organization, or
    you don't consider dangerous.

    *.AS
    *.ASP
    *.BAT
    *.CHM
    *.CMD
    *.COM
    *.DLL
    *.DOT
    *.EML
    *.EXE
    *.FNT
    *.HTA
    *.INF
    *.JS
    *.JSE
    *.LNK
    *.MRC
    *.PIF
    *.PL
    *.REG
    *.SCR
    *.SHB
    *.SHS
    *.SWF
    *.VB
    *.VBE
    *.VBS
    *.WS
    *.WSC
    *.WSF
    *.WSH
    *.XML

    Resolution:

    Many companies deploy policies to block potentially dangerous files. This
    can be a good proactive measure for defending against brand new viruses
    that may not be detected by the latest Virus Pattern files.

    You may choose to deploy a policy similar to the following:

    Catch messages where...
    Contains attachments in the attachment list "Potentially dangerous files"

    Take the following actions...
    Quarantine the message with the tag "attachment"
    and Send the notification "Sender Note - message with attachment not
    delivered"

    The policy might read something like:

    For all messages sent from this user with attachments from the
    "Potentially dangerous files" list quarantine the message with the tag
    "attachment"

    An effective "Potentially dangerous files" list might be composed of:
    "All Executable Files"
    "HTML with Active Content"
    *.AS
    *.ASP
    .
    .
    .
    *.WSH
    *.XML
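
The policy in the excerpt, expressed as an added Python example that is not from the original post or the Tumbleweed product: it matches attachment filenames against the article's extension list and returns the quarantine tag and notification text. The function names, the verdict dictionary and the sample message are assumptions constructed for illustration; it checks filenames only, not the "All Executable Files" or "HTML with Active Content" categories.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list copied from the article excerpt quoted in this post.
BLOCKED = frozenset(
    "AS ASP BAT CHM CMD COM DLL DOT EML EXE FNT HTA INF JS JSE LNK MRC PIF "
    "PL REG SCR SHB SHS SWF VB VBE VBS WS WSC WSF WSH XML".split()
)
NOTIFICATION = "Sender Note - message with attachment not delivered"


def blocked_extension(filename):
    """Return the blocked extension the filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still
    # opens as an .exe; strip them before looking at the extension.
    name = filename.strip().rstrip(". ").upper()
    if "." not in name:
        return None
    # Only the last extension decides how the file is opened, which also
    # covers double extensions such as "invoice.pdf.vbs".
    ext = name.rsplit(".", 1)[1]
    return ext if ext in BLOCKED else None


def evaluate(raw_message):
    """Apply the quarantine policy to one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    matched = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads the Content-Disposition filename parameter
        # and falls back to the Content-Type name parameter.
        filename = part.get_filename()
        if filename and blocked_extension(filename):
            matched.append(filename)
    if matched:
        return {"action": "quarantine", "tag": "attachment",
                "notify": NOTIFICATION, "matched": matched}
    return {"action": "deliver", "tag": None, "notify": None, "matched": []}


def build_sample(filenames):
    """Constructed sample message with one tiny attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(evaluate(build_sample(["notes.txt", "Invoice.pdf.VBS"])))
    print(evaluate(build_sample(["notes.txt"])))
```

A filename match says nothing about the attachment's content, so a renamed or archived file passes this check; that is the same limit the extension list itself has.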
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:31 PDT