why are you tuesday 10pm?
> ** Reply to note from Kevin Saenz <[EMAIL PROTECTED]> Tue, 04 Nov 2003 00:31:14 +1100
>
>
> > It will be in your next email.
>
> thanks, I'll try to implement later today
>
> > > say, I'm DISCARDing all windoze executables, except .doc and .xls, now,
> > > that should stop majority of windoze malware, no ? Except for HTML emails
> > > hidden malware ? and, word/excel macros malware ? is that a reasonable
> > > assumption ?
> > >
> > I hope you're kidding. :)
>
> Kevin,
>
> doesn't a windoze malware has to be some kind of executable
> application, as per specs below ??
>
> I'm DISCARDing anyhting like these:
>
> # M$-Windoze vulnerable to all these as email-borne viruses/worms/trojans
> # Added .ade, .adp, .bas, .cpl, .crt, .hlp, .inf, .ins, .isp, .lnk, .mdb,
> # .mde, .msc, .msi, .msp, .mst, .pcd, .reg, .sct, .shs, .url, .vb, and .wsc
> /^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cbt|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|mp3|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/
> REJECT hc1 ".$2"
> file attachment types not allowed
>
> apart from HTML emails and word/excel, how else can windoze malware travel
> ?
>
> what am I missing ?
>
> Voytek Eymont
--
Regards,
Kevin Saenz
Spinaweb
I.T consultants
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
