[Esd-l] Simplified Poisoned-list
John D. Hardin
jhardin at impsec.org
Fri Jan 30 21:45:12 PST 2004

On Fri, 30 Jan 2004, Smart,Dan wrote:

> Couldn't the poisoned list be simplified to the following:

{snip sample}

Sure. It is possible, however, that someone would not want to poison
*.exe and would like a starter list of old, obsolete viruses and
trojan horses... :)

(Anybody still buy that excuse?)

At the moment it's just ugly. Having the extra entries isn't a
performance hit.

> Also, shouldn't the following be added?
>
> *.cpl

Can control panel applets be directly executed?

> *.jse
> *.sct

Do you have a reference for what JSE and SCT files are?

> The .ex, .pi, .sc and .zi were added by me when a virus was adding
> attachment but dropped the last letter of the attachment name.
> One of those in August like SoBig, Blaster, etc.

Mrf. I don't know about that. How many did you see? And (apart from
the .ZIP) did the Windows Executable Magic test trap them?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
				-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
   64 days until the Slovakian Presidential Election
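
Added example, not part of the original message and not the sanitizer's own code: it shows how a wildcard poisoned list and an executable magic-byte check overlap for the truncated attachment names discussed above. The `has_exe_magic` check (first two bytes `MZ`), the function names, and the sample attachments are assumptions constructed for illustration.

```python
import fnmatch

# Filename patterns taken from the thread: *.exe plus the proposed additions.
POISONED = ["*.exe", "*.cpl", "*.jse", "*.sct"]
# Truncated-extension entries the quoted poster added for the name-clipping virus.
TRUNCATED = ["*.ex", "*.pi", "*.sc", "*.zi"]


def name_is_poisoned(filename, patterns):
    """Case-insensitive wildcard match of an attachment name against the list."""
    name = filename.lower()
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def has_exe_magic(data):
    """Assumed stand-in for the magic test: DOS/Windows executables start with 'MZ'."""
    return data[:2] == b"MZ"


def verdict(filename, data, patterns):
    """Return which check, if any, traps the attachment."""
    if name_is_poisoned(filename, patterns):
        return "poisoned-name"
    if has_exe_magic(data):
        return "exe-magic"
    return "pass"


# Constructed sample attachments: (name, first bytes of decoded content).
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00\x03\x00"),
    ("report.ex", b"MZ\x90\x00\x03\x00"),   # executable, last letter dropped
    ("photos.zi", b"PK\x03\x04\x14\x00"),   # ZIP archive, last letter dropped
    ("notes.txt", b"plain text"),
]


def run(patterns):
    """Map each sample name to the check that trapped it under this list."""
    return {name: verdict(name, data, patterns) for name, data in SAMPLES}


if __name__ == "__main__":
    for label, pats in (("base list", POISONED),
                        ("with truncated entries", POISONED + TRUNCATED)):
        print(label, run(pats))
```

With the base list, the truncated executable is still caught by the magic check, while the truncated ZIP name passes both checks unless a `*.zi` entry is present.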
    
    