[Esd-l] Poison Files
hanecak at megaloman.com
Tue Oct 23 00:42:01 PDT 2001
On Fri, 19 Oct 2001, Simon Griffiths wrote:
> Would anyone care to share there poison files as the one I have hasn't been
> updated for a while. Basically the systems just about to move from a test
> enviroment to production and I'm concerned that I haven't caught and added
> all virii to our poison file. I'd really just like it to verify our file is
> upto date as well.
so, see attached file. To explain:
*.<something> - to catch notorious troublemakers
*.[a-z][a-z][a-z0-9].[a-z0-9]+ - to catch double extensions
antivirus.exe, ..., zipped_files.exe - known trojans & co.
Essentialy *.exe catches all known trojans too but I have them in
'poisoned' in case of disabling *.exe for some reason.
If anyone has suggestions about this 'poisoned' I would like to hear about
it. Thank you.
Peter Hanecak <hanecak at megaloman.com>
GPG pub.key: http://www.megaloman.com/gpg/hanecak-megaloman.txt
More information about the esd-l