[Esd-l] Simplified Poisoned-list
Smart,Dan
SmartD at VMCMAIL.com
Fri Jan 30 07:59:45 PST 2004
I've asked this before, but with all the virus activity, just want to make
sure...
Couldn't the poisoned list be simplified to the following:
==== poisoned-list ====
*.asd
*.bat
*.chm
*.cil
*.cmd
*.com
*.dll
*.exe
*.hlp
*.hta
*.js
*.lnk
*.nws
*.ocx
*.pif
*.reg
*.scr
*.sh[bs]
*.vb
*.vb[se]
*.ws[cfh]
*.[a-z][a-z].(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
anniv.doc
comical_story.doc
list.doc
mmsn_offline.htm
path.xls
serialz.hlp
story.doc
suppl.doc
==== end poisoned-list
Also, shouldn't the following be added?
*.cpl
*.ex
*.jse
*.pi
*.sc
*.sct
*.zi
The .ex, .pi, .sc and .zi were added by me when a virus was adding
attachment but dropped the last letter of the attachment name. One of those
in August like SoBig, Blaster, etc.
<<Dan>>
<<Dan>>
More information about the esd-l
mailing list