>But theoretically some script kiddy can send two files to his victim:
>
>- a Virus/Trojan with renamed extension (.txt)
>- a small script or program that never will be identified as malicious
>code.
>
>Now the victim will launch the second program (you know there are more
>than enough people doing this)
>And this easily can rename the first file and launch this one.

Ah, but why bother sending the .txt file? Why not just send the small
script or program that will not be identified as malicious? It's pretty
easy to write a malicious file that will bypass virus scanners.

>I know the SKIPEXT can be very useful on high-traffic-systems, but I
>think if your server has enough resources it will be much better to scan
>all files.

It certainly can't hurt to scan text files, assuming that the CPU time
isn't an issue. On the other hand, I've never heard of a case where an
executable program was sent in a .txt file that was sent along with another
file that renamed and ran the .txt file. If that script kiddy is willing
to go to that much trouble, they could almost as easily write malicious
code that would bypass the scanner (a simple "del *.*" type command by
itself would likely bypass virus scanners). Remember, virus scanners are
primarily looking for code that replicates, rather than destructive code.

-Scott
---
This E-mail came from the Declude.Virus mailing list.
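
The trade-off discussed in this thread, skipping files by extension versus scanning everything, can be narrowed by checking content before honoring the skip list. The following is an added example, not part of the original e-mails and not Declude's code or configuration syntax; the skip list, function names and magic-byte table are assumptions chosen for illustration.

```python
import os

# Hypothetical skip list modelled on the SKIPEXT idea discussed above;
# not Declude's actual configuration syntax or logic.
SKIP_EXTENSIONS = {".txt", ".log", ".csv"}

# Leading bytes of common executable/container formats.
EXECUTABLE_MAGIC = {
    b"MZ": "DOS/Windows executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP archive",
    b"#!": "script with interpreter line",
}


def sniff_type(data: bytes):
    """Return a label if the content starts with a known magic value."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def looks_like_text(data: bytes, sample: int = 4096) -> bool:
    """Heuristic: no NUL bytes and few control characters in the sample."""
    chunk = data[:sample]
    if b"\x00" in chunk:
        return False
    control = sum(1 for b in chunk if b < 0x20 and b not in (0x09, 0x0A, 0x0D))
    return control <= len(chunk) * 0.02


def should_scan(filename: str, data: bytes):
    """Decide whether an attachment goes to the scanner, with the reason."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in SKIP_EXTENSIONS:
        return True, "extension not on skip list"
    label = sniff_type(data)
    if label:
        return True, f"{ext} file contains {label}"
    if not looks_like_text(data):
        return True, f"{ext} file is not plain text"
    return False, "skip-listed extension with plain-text content"


if __name__ == "__main__":
    # Constructed samples: a real text note and an MZ header renamed to .txt.
    for name, body in [("notes.txt", b"See you at 10.\r\n"), ("readme.txt", b"MZ\x90\x00")]:
        print(name, should_scan(name, body))
```

A content check like this only keeps the extension skip from being fooled by a rename; as the reply above notes, it does nothing about a plain script the scanner has no signature for.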