[Declude.Virus] .shs files posible virus?

Has anyone ran into .shs files? We have a user that has received a .shs file claiming to be an image. From what I am reading on the web these in most cases are viruses or trojan horses. Any thoughts, neither Declude w/F-prot or Norton AV on my local machine picked it up as a virus. Any

RE: [Declude.Virus] .shs files posible virus?

Title: Message Hmmm Interesting... another one to be added to the block extensions in the Declude Virus. But here is a statement from Symantec: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.smorph.html I think there is no reason for this extension to be e-Mailed. Can

RE: [Declude.Virus] .shs files possible virus?

About 6 months ago some one pointed me to a web site that listed all file extensions and their usage. Any one know the URL, or where can we find such information? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was

RE: [Declude.Virus] .shs files possible virus?

About 6 months ago some one pointed me to a web site that listed all file extensions and their usage. Any one know the URL, or where can we find such information? http://www.wotsit.org/ . :) -Scott --- [This E-mail was scanned for viruses by Declude Virus

RE: [Declude.Virus] .shs files possible virus?

Found it: http://whatis.techtarget.com/fileFormatA/0,289933,sid9,00.html SHS Shell scrap file; reportedly used to send password stealers I am going to add this to my banned extension list. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835

RE: [Declude.Virus] .shs files possible virus?

Here is another link: http://office.microsoft.com/assistance/2000/Out2ksecFAQ.aspx On extensions their use. We block the following -- we feel if someone wants to send them they can always zip them, otherwise we just don't want to take any chances. BANEXT ASD BANEXT ASP

Re: [Declude.Virus] .shs files possible virus?

It has been used for virii in the past. See http://www.pchell.com/virus/stagesworm.shtml Dan John Tolmachoff wrote:http://www.pchell.com/virus/stagesworm.shtml Found it: http://whatis.techtarget.com/fileFormatA/0,289933,sid9,00.html SHS Shell scrap file; reportedly used to send

RE: [Declude.Virus] .shs files possible virus?

http://www.wotsit.org/ But they do not list .shs. :-) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus

Re: [Declude.Virus] BANEXT settings

I just implimented the BANEXT in my virus.cfg and added the bannotify.eml to my Declude directory. The notify only goes out to the sender and I would like to know when a banned extension tries to come in as well. I know I could just add an additional entry to the to: field of bannotify.eml but

RE: [Declude.Virus] BANEXT settings

Thanks, will do Scott! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, September 04, 2002 2:07 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] BANEXT settings I just implimented the BANEXT in my virus.cfg and

RE: [Declude.Virus] .shs files possible virus?

OOPS, I already do ban it. :) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Wednesday, September 04, 2002 9:51 AM To:

Re: [Declude.Virus] .shs files possible virus?

Strange as it was, someone actually sent a real image file with the .shs extension. After Scott was kind enough to analyze it and determine the file to be safe, we were able to retrieve the original image by opening the .shs file in notepad, then we copied the source, and pasted it into word.