[Esd-l] Poison Files
Peter Hanecak
hanecak at megaloman.com
Tue Oct 23 00:42:01 PDT 2001
Hello,
On Fri, 19 Oct 2001, Simon Griffiths wrote:
> Would anyone care to share their poison files, as the one I have hasn't been
> updated for a while. Basically the system's just about to move from a test
> environment to production and I'm concerned that I haven't caught and added
> all viruses to our poison file. I'd really just like it to verify our file is
> up to date as well.
So, see the attached file. To explain:
*.<something> - to catch notorious troublemakers
*.[a-z][a-z][a-z0-9].[a-z0-9]+ - to catch double extensions
antivirus.exe, ..., zipped_files.exe - known trojans & co.
Essentially *.exe catches all known trojans too, but I have them in
'poisoned' in case of disabling *.exe for some reason.
If anyone has suggestions about this 'poisoned' I would like to hear about
it. Thank you.
Sincerely
Peter
--
===================================================================
Peter Hanecak <hanecak at megaloman.com>
GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
===================================================================
*.asd
*.bat
*.chm
*.com
*.dll
*.eml
*.exe
*.hlp
*.hta
*.js
*.lnk
*.nws
*.ocx
*.pif
*.scr
*.sh[bs]
*.vb
*.vb[es]
*.ws[cfh]
*.[a-z][a-z][a-z0-9].[a-z0-9]+
antivirus.exe
anti_cih.exe
aol4free.com
avp_updates.exe
babylonia.exe
badass.exe
buhh.exe
chocolate.exe
Common.exe
compu_ma.exe
Disk.exe
happy99.exe
IBMls.exe
ie0199.exe
ie[0-9]+.exe
i-watch-u.exe
jesus.exe
list.doc
LOVE-LETTER-FOR-YOU.TXT.vbs
lovers.exe
matcher.exe
monopoly.vbs
misworld.exe
MissWorld.exe
MWld.exe
MWrld.exe
navidad.exe
path.xls
perrin.exe
photos17.exe
picture.exe
pretty park.exe
prettypark.exe
qi_test.exe
readme.exe
ReDe.exe
seicho_no_ie.exe
serialz.hlp
setup.exe
Si.exe
sslpatch.exe
story.doc
suppl.doc
surprise!.exe
UserConf.exe
wtc.exe
x-mas.exe
y2kcount.exe
yahoo.exe
zipped_files.exe
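
The following is an added example, not part of the original post or of the sanitizer's own code: it checks attachment names against a constructed subset of the list above, so you can see which rule fires for a given name. The matching semantics (`*` as any run of characters, `.` as a literal dot, bracket classes and `+` as in a regex, whole-name and case-insensitive matching) and the names `to_regex` and `poisoned_by` are assumptions made for the illustration.

```python
import re

# Constructed subset of the patterns from the poison file above.
POISON = [
    "*.exe", "*.vb", "*.vb[es]", "*.sh[bs]",
    "*.[a-z][a-z][a-z0-9].[a-z0-9]+",
    "ie[0-9]+.exe", "list.doc", "pretty park.exe",
]

def to_regex(pattern):
    """Translate one poison-file line into an anchored, case-insensitive regex.

    Assumed semantics (not taken from the sanitizer's source): '*' is any run
    of characters, '.' is a literal dot, '[...]' classes and '+' keep their
    regex meaning, everything else is literal.
    """
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")
        elif c == "+":
            out.append("+")
        elif c == "[":
            end = pattern.find("]", i + 1)
            if end == -1:              # unbalanced bracket: treat as literal
                out.append(re.escape(c))
            else:
                out.append(pattern[i:end + 1])
                i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out), re.IGNORECASE)

RULES = [(p, to_regex(p)) for p in POISON]

def poisoned_by(filename):
    """Return every pattern that matches the whole attachment filename."""
    return [p for p, rx in RULES if rx.fullmatch(filename)]

if __name__ == "__main__":
    # Constructed attachment names, including benign ones the rules also hit.
    for name in ["LOVE-LETTER-FOR-YOU.TXT.vbs", "IE0199.EXE", "notes.vbx",
                 "backup.tar.gz", "report.final.pdf", "photo.jpg"]:
        print(f"{name:30} {poisoned_by(name) or 'clean'}")
```

Under these assumptions the double-extension rule also flags benign names such as `backup.tar.gz`, and it only fires when the middle extension is exactly three characters, so `report.final.pdf` passes.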