See http://support.ipswitch.com/kb/IM-19980116-DD08.htm and
add exe, com, pif ... (you name it) to the kill filter.
Marius
-----Original Message-----
From: Kami Razvan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 5:28 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] PIF Files- Virus
From: Kami Razvan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 5:28 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] PIF Files- Virus
Recently we are
receiving a number of possible viruses that pass our virus scanning
system.
They all have .pif
extensions. Having checked Symantec:
----------
What is a program information file
(.pif)?
Situation:
You notice that some viruses or worms arrive as a file with a .pif extension, which is the extension used by Windows for application shortcuts. You want to know how it is possible for a shortcut to contain a virus or worm.
Solution:
Windows recognizes the .pif extension as an executable format. Current viruses and worms do not arrive in actual .pif format, but generally as a Portable Executable file or some type of executable script. The extension just tells the operating system that it is a file that can be executed. How the operating system executes the file is determined by the actual file format, not the .pif extension.
What are Portable Executable (PE) files?
PE files are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all PE files are executable, but not all executable files are portable.
----------
Situation:
You notice that some viruses or worms arrive as a file with a .pif extension, which is the extension used by Windows for application shortcuts. You want to know how it is possible for a shortcut to contain a virus or worm.
Solution:
Windows recognizes the .pif extension as an executable format. Current viruses and worms do not arrive in actual .pif format, but generally as a Portable Executable file or some type of executable script. The extension just tells the operating system that it is a file that can be executed. How the operating system executes the file is determined by the actual file format, not the .pif extension.
What are Portable Executable (PE) files?
PE files are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all PE files are executable, but not all executable files are portable.
----------
I wonder if there
are any arguments against blocking all .pif extensions from the e-mails?
We run McAfee and Declude and these are not being caught. Of course I
don't think if McAfee catches it, Declude can do anything. Our setting on
McAfee is to check all extensions and emails.
Any input is
greatly appreciated.
Regards,
Kami
