I have a very powerful heuristic on my mail server: I discard anything with an .exe attachment.
That ain't near enough. If you *really* want to get rid of Win32 stuff, try:
.386 .bat .bin .cmd .com .cpl .exe .lnk .pif .scr .shb .vbs
and if you want to be even more aggressive, add:
.ade .adp .bas .chm .crt .dll .dot .eml .hlp .hta .inf .ins .isp .js .jse .mdb .mde .msc .msi .msp .mst .ocx .pcd .pif .reg .sct .shs .shs .url .vb .vbe .wsc .wsf .wsh
Of course, that will nuke a lot of stuff you don't want to lose, especially for someone interested in security.
But it is one hell of a housecleaner. :)
-jim
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
