[Esd-l] Poison Files

Simon Griffiths simon.g at claycrossbs.co.uk
Tue Oct 23 05:53:01 PDT 2001


> Sent: 23 October 2001 08:40
> To: Simon Griffiths
> Cc: esd-l at spconnect.com
> Subject: Re: [Esd-l] Poison Files
> so, see attached file. To explain:
> *.<something>	- to catch notorious troublemakers
> *.[a-z][a-z][a-z0-9].[a-z0-9]+	- to catch double extensions
> antivirus.exe, ..., zipped_files.exe	- known trojans & co.
> Essentially *.exe catches all known trojans too but I have them in
> 'poisoned' in case of disabling *.exe for some reason.
> If anyone has suggestions about this 'poisoned' I would like to
> hear about
> it. Thank you.
> Sincerely
> Peter

Thanks Peter.  After comparing this with my existing file it's pulled out
some interesting differences, mostly sh[bs] and vb code stuffs, this is
excellent as I thought I had those particular extensions covered.

Plus I've got about an extra 10 named files at the bottom.  This has
certainly improved our email security here and we are extremely grateful.

I'd also at this point like to say thank you to John as his script has
allowed me to fight the hordes of people insisting we run Exchange :-)


Simon Griffiths
Systems Administrator - Clay Cross Building Society
Tel:+44(0)1246 862120 - Fax: +44(0)1246 250397
"If you give a million monkeys root access to your systems, they
  sure as hell aren't going to be writing any Shakespeare..."
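
An added example, not part of the original messages and not the sanitizer's own code: a small checker for running a poisoned-files list against sample attachment names before deploying it. The entries come from the thread; the matching rules (`*` as any run of characters, `.` as a literal dot, bracket classes and `+` kept as regex, case-insensitive whole-name match) and the function names are assumptions.

```python
import re

# Entries quoted in the thread. How the real filter interprets them is an
# assumption here; see compile_entry() for the rules this sketch applies.
POISONED = [
    "*.exe",
    "*.sh[bs]",
    "*.[a-z][a-z][a-z0-9].[a-z0-9]+",   # double extensions
    "antivirus.exe",
    "zipped_files.exe",
]

def compile_entry(entry):
    """Translate one list entry into a case-insensitive regex (assumed rules)."""
    out, in_class = [], False
    for ch in entry:
        if in_class:                 # copy character classes through unchanged
            out.append(ch)
            in_class = ch != "]"
        elif ch == "[":
            out.append(ch)
            in_class = True
        elif ch == "*":
            out.append(".*")         # wildcard: any run of characters
        elif ch == "+":
            out.append("+")          # keep as regex repetition
        else:
            out.append(re.escape(ch))  # literal, including "."
    return re.compile("".join(out), re.IGNORECASE)

def matching_entries(filename, entries=POISONED):
    """Return every entry that matches the whole attachment name."""
    name = filename.strip()
    return [e for e in entries if compile_entry(e).fullmatch(name)]

if __name__ == "__main__":
    # Constructed sample names, including one legitimate double extension.
    for sample in ["invoice.doc.exe", "README.TXT.shs", "antivirus.exe",
                   "notes.txt", "backup.tar.gz"]:
        print(f"{sample:18} -> {matching_entries(sample) or 'clean'}")
```

Under these rules the double-extension entry also flags `backup.tar.gz`, so a list like this is worth testing against the legitimate attachment names a site actually receives.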
