>But theoretically some script kiddy can send two files to his victim:
>
>- a Virus/Trojan with renamed extension (.txt)
>- a small script or program that never will be identified as malicious
>code.
>
>Now the victim will launch the second program (you know there are more
>than enough people doing this)
>And this easily can rename the first file and launch this one.

Ah, but why bother sending the .txt file? Why not just send the small script or program that will not be identified as malicious? It's pretty easy to write a malicious file that will bypass virus scanners.

>I know the SKIPEXT can be very useful on high-traffic systems, but I
>think if your server has enough resources it will be much better to scan
>all files.

It certainly can't hurt to scan text files, assuming that the CPU time isn't an issue.

On the other hand, I've never heard of a case where an executable program was sent in a .txt file that was sent along with another file that renamed and ran the .txt file. If that script kiddy is willing to go to that much trouble, they could almost as easily write malicious code that would bypass the scanner (a simple "del *.*" type command by itself would likely bypass virus scanners). Remember, virus scanners are primarily looking for code that replicates, rather than destructive code.

-Scott
---
This E-mail came from the Declude.Virus mailing list.