procmail

Re: virus recipe for MyDoom

2004-01-27 10:37:00
On Tue, Jan 27, 2004 at 03:52:39PM +0000, John Conover wrote:

Dallman Ross writes:

On Tue, Jan 27, 2004 at 12:48:57PM +0000, John Conover wrote:

There are probably more extensions that Microsoft Outlook will
consider, in one form or another, executable:

    http://www.johncon.com/john/QuarantineAttachments/

may be of some help; there is a click'ie for the script fragment.

Hmm.  I am loath to add ZIP to the list of bad extensions.  My
purpose has never been to stop any and all attachments.  Doing so
would be satisfied by a much simpler recipe.

Yea, I agree with you, but Lookout does not look at the file
extensions to decide whether it is executable, (and that's a big
problem.) It looks for a signature in the first few characters of the
file. For example, one of the executable files some of the MyDooms
carries an extension of ".txt" and the only way to be sure is to unzip
it, and look at the header.

John, btw, your page is very good, imho.

I don't have any real samples of the new viruses.  I must not know
anybody infected.  :)  (This is not an invitation to readers to
start sending them to me en masse.)

How big or small are these things?  I would think ruling things
in or out based on size would be a good first step.

If someone who knows a lot about this stuff wishes to email me
privately, that would be welcome.

Dallman

-- 
 "The market can remain irrational longer than
  you can remain solvent."     -- J. M. Keynes
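
The check discussed in this thread (open the ZIP and look at the first bytes of each member instead of trusting its extension), as an added example that is not part of the original posts. The function names and the in-memory sample archive are constructed for illustration, and the check covers only the "MZ" signature that DOS/Windows executables start with.

```python
import io
import zipfile

MZ_MAGIC = b"MZ"  # first two bytes of DOS/PE executables (.exe, .scr, .pif)


def inspect_zip(zip_bytes):
    """Classify every member of a ZIP attachment by content, not by name.

    Returns a list of (filename, verdict) pairs, where verdict is
    "executable", "encrypted" or "other"; returns None if the data is not
    a readable ZIP archive.
    """
    results = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:
                    # Password-protected member: the header cannot be read,
                    # so report it separately instead of calling it clean.
                    results.append((info.filename, "encrypted"))
                    continue
                with zf.open(info) as member:
                    # Only two bytes are decompressed, so a huge member
                    # costs nothing extra to inspect.
                    head = member.read(2)
                verdict = "executable" if head == MZ_MAGIC else "other"
                results.append((info.filename, verdict))
    except zipfile.BadZipFile:
        return None
    return results


def build_sample():
    """Constructed sample: a harmless ZIP whose 'document.txt' merely starts
    with the MZ signature, next to a genuine text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("document.txt", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"plain text, nothing executable here\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in inspect_zip(build_sample()):
        print(f"{verdict:10s} {name}")
```

In a mail filter this would be run on the decoded attachment body, with "executable" and "encrypted" members both routed to quarantine.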

