** Reply to note from Kevin Saenz <[EMAIL PROTECTED]> Tue, 04 Nov 2003 00:31:14 +1100
> It will be in your next email.
thanks, I'll try to implement later today
> > say, I'm DISCARDing all windoze executables, except .doc and .xls, now,
> > that should stop majority of windoze malware, no ? Except for HTML emails
> > hidden malware ? and, word/excel macros malware ? is that a reasonable
> > assumption ?
> >
> I hope you're kidding. :)
Kevin,
doesn't windoze malware have to be some kind of executable
application, as per specs below ??
I'm DISCARDing anything like these:
# M$-Windoze vulnerable to all these as email-borne viruses/worms/trojans
# Added .ade, .adp, .bas, .cpl, .crt, .hlp, .inf, .ins, .isp, .lnk, .mdb,
# .mde, .msc, .msi, .msp, .mst, .pcd, .reg, .sct, .shs, .url, .vb, and .wsc
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cbt|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/
    REJECT hc1 ".$2" file attachment types not allowed
apart from HTML emails and word/excel, how else can windoze malware travel
?
what am I missing ?
Voytek Eymont
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
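
Added example, not part of the original message: a Python check that runs the pattern from the rule above over constructed MIME header lines and returns the extension the rule would report as $2. The function name and sample headers are assumptions for illustration, and Python's re module stands in for the Postfix pcre table.

```python
import re

# Pattern copied from the header_checks rule quoted in the message.
# Postfix regexp/pcre tables match case-insensitively by default, hence IGNORECASE.
RULE = re.compile(
    r'^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.('
    r'386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cbt|cgi|chm|cil|cla(ss)?|cmd|'
    r'cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|'
    r'in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|'
    r'ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|'
    r'sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|'
    r'ws[cfh]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b',
    re.IGNORECASE,
)


def blocked_extension(header):
    """Return the extension the rule captures as $2, or None if the header passes."""
    m = RULE.search(header)
    return m.group(2).lower() if m else None


# Constructed sample headers (hypothetical file names), one logical line each.
SAMPLES = [
    'Content-Disposition: attachment; filename="setup.exe"',
    'Content-Type: application/octet-stream; name="photo.jpg.pif"',
    'Content-Disposition: attachment; FILENAME=README.TXT.VBS',
    # Allowed on purpose, as the message says: .doc and .xls are not listed.
    'Content-Type: application/msword; name="report.doc"',
    'Content-Type: application/vnd.ms-excel; name="budget.xls"',
    # Over-blocking: \b also matches before a dot, so any listed extension
    # in the middle of a name triggers the rule.
    'Content-Disposition: attachment; filename="backup.sh.tar.gz"',
    # \b stops a listed extension from matching as a prefix ("pl" in "plain").
    'Content-Disposition: attachment; filename="notes.plain.txt"',
    # Non-executable types on the list are rejected too.
    'Content-Disposition: attachment; filename="song.mp3"',
]

if __name__ == "__main__":
    for header in SAMPLES:
        ext = blocked_extension(header)
        verdict = "REJECT ." + ext if ext else "pass"
        print(f"{verdict:12} {header}")
```
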