[Esd-l] Simplified Poisoned-list
Smart,Dan
SmartD at VMCMAIL.com
Mon Feb 2 08:37:43 PST 2004
Can the poisoned list contain comments?
<<Dan>>
| -----Original Message-----
| From: John D. Hardin [mailto:jhardin at impsec.org]
| Sent: Friday, January 30, 2004 11:45 PM
| To: Smart,Dan
| Cc: esd-l at spconnect.com
| Subject: Re: [Esd-l] Simplified Poisoned-list
|
| On Fri, 30 Jan 2004, Smart,Dan wrote:
|
| > Couldn't the poisoned list be simplified to the following:
|
| {snip sample}
|
| Sure. It is possible, however, that someone would not want to
| poison *.exe and would like a starter list of old, obsolete
| viruses and trojan horses... :)
|
| (Anybody still buy that excuse?)
|
| At the moment it's just ugly. Having the extra entries isn't
| a performance hit.
|
| > Also, shouldn't the following be added?
| >
| > *.cpl
|
| Can control panel applets be directly executed?
|
| > *.jse
| > *.sct
|
| Do you have a reference for what JSE and SCT files are?
|
| > The .ex, .pi, .sc and .zi were added by me when a virus was adding
| > attachment but dropped the last letter of the attachment name.
| > One of those in August like SoBig, Blaster, etc.
|
| Mrf. I don't know about that. How many did you see? And
| (apart from the .ZIP) did the Windows Executable Magic test trap them?
|
| --
| John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
| jhardin at impsec.org pgpk -a jhardin at impsec.org
| key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
| --------------------------------------------------------------
| ---------
| "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
| does quite what I want. I wish Christopher Robin was here."
| -- Peter da Silva in a.s.r
| --------------------------------------------------------------
| ---------
| 64 days until the Slovakian Presidential Election
|
More information about the esd-l
mailing list