Re: [Declude.Virus] MS05-16 Exploit

[NIck Hayer]

Title: Message

Hi Andy, Colbeck, Andrew wrote: Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector.   They are entirely different animals, which happen to have CLSID at their heart. You are sure up to date with this stuff!   The only way to attack MS05-16 abuse with Declude Virus is with a) keep your virus scanner up to date, This is good news. That can be easily accomplished - and/or b) to watch for virus news and ban extensions that are deliberately crafted as bogus, e.g. .d0c or .doc_ instead of .doc Well this  won't be effective becase folks now rename extensions as a matter of course to get clean files through  eg - .exe > .e_x_e    :)   Leave it up to your antivirus scanner. Perfect and thanks for the insight. -Nick