|
The following is a list of file attachments that
are blocked by default by the
WebMax MailScanner service. The attachments are
removed from emails before delivery to you and
are placed in a quarantine area for 30 days should
you wish to receive them.
 These
are known to be dangerous in almost all cases:
deny \.reg$ Possible Windows registry attack
deny \.chm$ Possible compiled Help file-based
virus
deny \.cnf$ Possible SpeedDial attack
deny \.hta$ Possible Microsoft HTML archive attack
deny \.ins$ Possible Microsoft Internet Comm.
Settings attack
deny \.jse?$ Possible Microsoft JScript attack
deny \.lnk$ Possible Eudora *.lnk security hole
attack
deny \.ma[dfgmqrstvw]$ Possible Microsoft Access
Shortcut attack
deny \.pif$ Possible MS-Dos program shortcut attack
deny \.scf$ Possible Windows Explorer Command
attack
deny \.sct$ Possible Microsoft Windows Script
Component attack
deny \.shb$ Possible document shortcut attack
deny \.shs$ Possible Shell Scrap Object attack
deny \.vb[es]$ Possible Microsoft Visual Basic
script attack
deny \.ws[cfh]$ Possible Microsoft Windows Script
Host attack
deny \.xnk$ Possible Microsoft Exchange Shortcut
attack
These
2 added by popular demand - Very often used by
viruses:
deny \.com$ Windows/DOS Executable
deny \.exe$ Windows/DOS Executable
These
are very dangerous and have been used to hide
viruses:
deny \.scr$ Possible virus hidden in a screensaver
deny \.bat$ Possible malicious batch file script
deny \.cmd$ Possible malicious batch file script
deny \.cpl$ Possible malicious control panel item
deny \.mhtml$ Possible Eudora meta-refresh attack
Deny
filenames ending with CLSID's
deny \{[a-hA-H0-9-]{25,}\}$ Filename trying to
hide its real extension
Deny
filenames with lots of contiguous white space
in them:
deny \s{10,} Filename contains lots of white space
Deny
all other double file extensions. This catches
any hidden filenames:
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found
possible filename hiding
|
